« "The Anatomy of Cross Site Scripting" Paper released | Main | Microsoft Frontpage Overflow »

Oracle Application Server 9i and RDBMS Multiple SQL Injection Vulnerabilities

"Oracle's RDBMS, a leading database server package, supports stored packages and procedures through the use of PL/SQL. These packages and procedures can be accessed through Oracle's Application Server's Portal module. Oracle Application Server is a web server designed for Oracle applications. Many of the PL/SQL packages and procedures are vulnerable to SQL Injection. Using these vulnerabilities an unauthenticated attacker can gain access to all data in the database from the Internet." - ngssoftware.com

Full NGSSoftware Insight Security Advisory

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.


All Comments are Moderated and will be delayed!