Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Alexander Kornbrust (akred-database-security.com)
Date: Thu Apr 16 2009 - 00:53:28 CDT
Name SQL Injection in package DBMS_AQIN
Systems Affected Oracle 10.1.0.5 - 22.214.171.124
Severity High Risk
Category SQL Injection
Vendor URL http://www.oracle.com/
Author Alexander Kornbrust (ak at red-database-
Advisory 14 April 2009 (V 1.00)
The package DBMS_AQIN contains a SQL injection vulnerability in the
Additional information is available in the following advisory.
Apply the patches for Oracle CPU April 2009.
Our Oracle database scanner Repscan was updated with the information
from the Oracle
CPU April 2009 and can identify vulnerable databases.
More Information about Repscan can be found here:
14-apr-2009 Oracle published CPU April 2009 [CVE-2009-0992]
14-apr-2009 Advisory published
Red-Database-Security is the leading company for Oracle security.
Within the last
6 years we reported several hundred vulnerabilities to Oracle.
(c) 2009 by Red-Database-Security GmbH
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/