Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Red Database Security issues two new Oracle security advisories"] [Next entry: "Who_has_priv.sql, who_can_access.sql and who_has_role.sql updated"]

Alex has updated his Oracle exploits page to add 5 more exploit codes

I just noticed this evening that Alex has updated his Oracle Security exploits page to add 5 new exploits. These are:


"Become DBA via DBMS_SYS_SQL"

"Stop remote Listener via lsnrctl added"

"Switch username to SYS after executing a database job via dbms_scheduler added"

"SQL Injection in Oracle Portal WWV_LOV"

Be aware of these issues, if you are not patched then you are vulnerable.