Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:19676
HistoryApr 16, 2008 - 12:00 a.m.

[Full-disclosure] Oracle - SQL Injection in package SDO_UTIL [DB05]

2008-04-1600:00:00
vulners.com
16
JSON

Oracle - SQL Injection in package SDO_UTIL [DB05]

Systems Affected 10g Rel. 1, 10g Rel. 2
Severity High Risk
Category SQL Injection
Vendor URL http://www.oracle.com/
Author Alexander Kornbrust
Advisory 16 April 2008 (V 1.00)
Advisory URL
http://www.red-database-security.com/advisory/oracle_sql_injection_sdo_util.html

Details
The package SDO_UTIL is vulnerable against SQL injection.

Patch Information
Apply the patches for Oracle CPU April 2008.

History
6-jun-2007 Oracle secalert was informed
15-apr-2008 Oracle published CPU April 2008 [DB05]
16-apr-2008 Advisory published

Ā© 2008 by Red-Database-Security GmbH
http://www.red-database-security.com

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

JSON