|
|
CVE Reference: CVE-2004-1370 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2004-1370 |
|
|
Description: Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to execute arbitrary SQL commands and gain privileges via (1) DBMS_EXPORT_EXTENSION, (2) WK_ACL.GET_ACL, (3) WK_ACL.STORE_ACL, (4) WK_ADM.COMPLETE_ACL_SNAPSHOT, (5) WK_ACL.DELETE_ACLS_WITH_STATEMENT, or (6) DRILOAD.VALIDATE_STMT. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/18665 SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1 MISC http://www.ngssoftware.com/advisories/oracle23122004H.txt CONFIRM http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf CERT-VN 316206 CERT http://www.us-cert.gov/cas/techalerts/TA04-245A.html BUGTRAQ http://marc.theaimsgroup.com/?l=bugtraq&m=110382596129607&w=2 BID 10871 |
|
| Return to the previous page. |
