SQL Injection in package DBMS_AQADM_SYS
- From: ak@xxxxxxxxxxxxxxxxxxxxxxxxx
- Date: Wed, 15 Apr 2009 23:40:55 -0600
Name SQL Injection in package DBMS_AQADM_SYS [CVE-2009-0977]
Systems Affected Oracle 126.96.36.199 - 10.2.0.3
Severity Medium Risk
Category SQL Injection
Vendor URL http://www.oracle.com/
Author Franz Hüll (fh at red-database-security.com)
Advisory 14 April 2009 (V 1.00)
The package DBMS_AQADM_SYS contains a SQL injection vulnerability in the procedure
Additional information is available in the following advisory.
Apply the patches for Oracle CPU April 2009.
Our Oracle database scanner Repscan was updated with the information from the Oracle
CPU April 2009 and can identify vulnerable databases.
More Information about Repscan can be found here:
14-apr-2009 Oracle published CPU April 2009 [CVE-2009-0977]
14-apr-2009 Advisory published
Red-Database-Security is the leading company for Oracle security. Within the last
6 years we reported several hundred vulnerabilities to Oracle.
(c) 2009 by Red-Database-Security GmbH
- Prev by Date: [SECURITY] [DSA 1772-1] New udev packages fix privilege escalation
- Next by Date: webSPELL 4.2.0c--XSS (BYPASS BBCODE) COOKIES STEALING VULNERABILITY--
- Previous by thread: [SECURITY] [DSA 1772-1] New udev packages fix privilege escalation
- Next by thread: webSPELL 4.2.0c--XSS (BYPASS BBCODE) COOKIES STEALING VULNERABILITY--