SQL injections, DoS, data modification, cross-site scripting, privilege escalation, audit settings modification. The password is passed from JDeveloper to SQLPlus in cleartext. The JDeveloper password is stored in cleartext in different XML configuration files. The cleartext FormBuilder password is stored in temporary files. Weak permissions for temporary files. Reading and writing any file with Oracle Reports. Command execution with Oracle Forms and Oracle Reports. There is also a large number of different old and new bugs, many of which have not been fixed for years. It makes it useless to talk about Oracle security. Use 3rd party products to protect your Oracle environment.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | jdeveloper | eq | 9.0 |
| | sunmc | eq | 3.5 |
| | oracle e-business suite | eq | 11.0 |