This section "Oracle Exploits / Exploit" (or Proof-of-Concept code) contains information about Oracle security vulnerabilities in several products like database, webcache, TNS listener, PL/SQL functions, PL/SQL packages, Forms, Reports, iSQL*Plus, OHS. If your database or application server is hardened, all the exploits

This page does not contain 0day exploits. All exploit code on this website is already out there, e.g. in newsgroups, on websites (like bugtraq).

Hackers and script kiddies are using such code every day. DBAs and security professionals like pentesters or auditors should know how to escalate privileges, become DBA, become root, decrypt data, crash a database or perform a denial-of-service attack. A lot of proof-of-concept code can be found in Metalink if you know how to search in Metalink. Red-Database-Security GmbH will soon publish a document how to find exploit code in the knowledge

Listener Exploits - Learn why it is important to protect your TNS Listener. With a few simple commands everyone (with listener access) can take over the listener first and after that your database.

Oracle 8i Exploits - There are still Oracle 8.1.7.4 instances out there (even if desupported). If you have an older version of 8i please try to update at least to 8.1.7.4 plus the latest security patchsets. Check the Critical Patch Updates on from secalert on a regular basis for additional information.

Oracle 9i Exploits - Many customers are still using 9.2.0.8. If you are not using the latest patchset / patchsets it is possible to become DBA with a single command (e.g. via CTXSYS.DRILOAD, DBMS_METADATA, DBMS_CDC_SUBSCRIBE).

Oracle 10g Exploits - More secure than 8i or 9i. Contains new features (like dbms_scheduler) with new security issues.

Oracle Application Server Exploits - Many software products like Oracle E-Business-Suite, Oracle Clinical, Oracle Collaboration Suite, custom development software.

Oracle Application Express Exploits - The web application development tool APEX is used to develop and deploy applications that are hosted in the Oracle database.