RSS

Category: Security Advisory

TeamSHATTER’s Analysis of the October 2013 Oracle CPUTeam Shatter Exclusive

Posted October 16, 2013 by Alex Rothacker in Database Security, Oracle, Oracle, Team Shatter Exclusive with 0 comments

It’s the second Tuesday in October, so it is Oracle Critical Patch Update (CPU) time. The October 2013 CPU contains 127 fixes across Oracle’s Database, Fusion Middleware, Enterprise Manager, E-Business Suite, PeopleSoft, Siebel, Oracle and Sun Systems Product Suite, MySQL, Oracle Linux and Virtualization, and Oracle Java product lines. This is the first CPU to include Java fixes, and with 51 fixes it is a sizable portion of the CPU’s total fixes. 92 of the fixes in this CPU are…

Click for complete article >>

TeamSHATTER’s Analysis of the July 2013 Oracle CPUTeam Shatter Exclusive

Posted July 17, 2013 by Alex Rothacker in Database Security, Oracle, Oracle, Team Shatter Exclusive with 0 comments

It is Oracle Critical Patch Update (CPU) time, so lace up your patching gloves. The July 2013 CPU contains 89 fixes across Oracle’s Database, Fusion Middleware, Hyperion, Enterprise Manager, E-Business Suite, Supply Chain, PeopleSoft, iLearning, Industry Applications Product Suite, Oracle and Sun Systems Product Suite, MySQL and Oracle Linux and Virtualization product lines. 45 of the fixes in this CPU are for vulnerabilities that are remotely exploitable without authentication. In other words, anybody on the network can exploit these vulnerabilities….

Click for complete article >>

TeamSHATTER’s Analysis of the April 2013 Oracle CPUTeam Shatter Exclusive

Posted April 18, 2013 by Alex Rothacker in Oracle, Team Shatter Exclusive with 0 comments

It is Oracle Critical Patch Update (CPU) time, so lace up your patching gloves. The April 2013 CPU contains 128 fixes across Oracle’s Database, Fusion Middleware, E-Business Suite, Supply Chain, PeopleSoft, Siebel, Health Sciences, Retail, FLEXCUBE, Primavera, Sun Product Suite, MySQL and Oracle Support Tools product lines. 46 of the fixes in this CPU are for vulnerabilities that are remotely exploitable without authentication. In other words, anybody on the network can exploit these vulnerabilities. Three products have fixes for vulnerabilities…

Click for complete article >>

Latest DBMS Security Patch Levels – Updated

TeamSHATTER keeps you up to date with the latest DBMS Security Patch levels to ensure you are protected with the latest security fixes. Last updated 3/21/2013   Oracle   Edition Latest Patch Release Date Comments Database 11g R2 Database 11g R1 Database 10g R2 Critical Patch Update January 2013 January 15th 2013   Database 10gR1 Critical Patch Update January 2012 January 17th 2012 Out of support. This was the final patch for 10gR1. Database 9i Critical Patch Update July 2010…

Click for complete article >>

Advisory: Oracle Cross-site scripting in OEM (advReplicationAdmin)Team Shatter Exclusive

Posted February 20, 2013 by Alex Rothacker in Oracle, Security Advisory, Team Shatter Exclusive with 0 comments

Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3 Remote exploitable: Yes Credits: This vulnerability was discovered and researched by Esteban Martinez Fayo of Application Security Inc. Details: Cross-site scripting vulnerabilities occur when an attacker tricks a legitimate web application into sending malicious code, generally in the form of a script, to an unsuspecting end user. The attack usually involves crafting a hyperlink with malicious script code embedded within it. A valid user is likely to…

Click for complete article >>

Advisory: Oracle Enterprise Manager Segment Advisor Arbitrary URL redirection/phishing vulnerabilityTeam Shatter Exclusive

Posted February 20, 2013 by Alex Rothacker in Oracle, Security Advisory, Team Shatter Exclusive with 0 comments

Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4; 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3 Remote exploitable: Yes Credits: This vulnerability was discovered and researched by Qinglin Jiang of Application Security Inc. Details: Oracle Enterprise Manager Database Control Segment Advisor page is vulnerable to an arbitrary URL redirection/phishing vulnerability. An attacker may inject an arbitrary URL into the web application and force the application to redirect to it without any validation. This vulnerability can be used in phishing attacks…

Click for complete article >>

Advisory: Oracle SQL Injection in OEM (streams queue)Team Shatter Exclusive

Posted February 20, 2013 by Alex Rothacker in Oracle, Security Advisory, Team Shatter Exclusive with 0 comments

Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3 Remote exploitable: Yes Credits: This vulnerability was discovered and researched by Esteban Martínez Fayó of Application Security Inc. Details: SQL Injection works by attempting to modify the parameters passed to an application to change the SQL statements that are passed to a database. SQL injection can be used to insert additional SQL statements to be executed. Some parameters of /em/console/database/dist/streams/queue are vulnerable to SQL…

Click for complete article >>

Advisory: Oracle SQL Injection in OEM (SCPLBL_COLLECTED parameters)Team Shatter Exclusive

Posted February 20, 2013 by Alex Rothacker in Oracle, Security Advisory, Team Shatter Exclusive with 0 comments

Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3 Remote exploitable: Yes Credits: This vulnerability was discovered and researched by Esteban Martínez Fayó of Application Security Inc. Details: SQL Injection works by attempting to modify the parameters passed to an application to change the SQL statements that are passed to a database. SQL injection can be used to insert additional SQL statements to be executed. Some parameters of /em/console/ecm/config/savedConfig are vulnerable to SQL Injection attacks. This…

Click for complete article >>

Advisory: Oracle SQL Injection in OEM (Resource Manager)Team Shatter Exclusive

Posted February 20, 2013 by Alex Rothacker in Oracle, Security Advisory, Team Shatter Exclusive with 0 comments

Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3 Remote exploitable: Yes Credits: This vulnerability was discovered and researched by Esteban Martínez Fayó of Application Security Inc. Details: SQL Injection works by attempting to modify the parameters passed to an application to change the SQL statements that are passed to a database. SQL injection can be used to insert additional SQL statements to be executed. Some parameters of /em/console/database/instance/rsrcpln are vulnerable to SQL…

Click for complete article >>

Advisory: Oracle SQL Injection in OEM (dBClone)Team Shatter Exclusive

Posted February 20, 2013 by Alex Rothacker in Oracle, Security Advisory, Team Shatter Exclusive with 0 comments

Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3 Remote exploitable: Yes Credits: This vulnerability was discovered and researched by Esteban Martínez Fayó of Application Security Inc. Details: SQL Injection works by attempting to modify the parameters passed to an application to change the SQL statements that are passed to a database. SQL injection can be used to insert additional SQL statements to be executed. Some parameters of /em/console/database/dbclone/dBClone are vulnerable to SQL…

Click for complete article >>
Powered by