Lucene search
ERPScanERPSCAN-09-010HistoryJan 29, 2008 - 12:00 a.m.
Oracle Database 10G CTXSYS.DRVXTABX — PLSQL Injection
2008-01-2900:00:00
erpscan.io
18
EPSS
0.177
Percentile
96.2%
Application: Oracle Database 10G **Versions Affected:**Oracle 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4 Vendor URL:<http://oracle.com> **Bugs:**PL/SQL Injections **Exploits:**YES **Reported:**29.01.2008 **Vendor response:**31.01.2008 **CVE:**CVE-2009-1991 **SVSS2:**3.6 **Date of Public Advisory:**26.10.2009 **Solution:**YES (Non official) Author: Alexandr Polyakov
Description
Oracle Database 10G and 9g are vulnerable to PL/SQL Injection. PL/SQL Injection found in the following procedure ctxsys.drvxtabc.create_tables
Business Risk
Legal database user can escalate privileges and gain unauthorized access to business-critical data.
Related
securityvulns
securityvulns
Oracle exploit for CTXSYS.DRVXTABC.CREATE_TABLES and others
2009-11-30 00:00:00
[DSECRG-09-010] Oracle 10g CTXSYS.DRVXTABC - plsql injection
2009-10-28 00:00:00
Oracle multiple security vulnerabilities
2009-11-30 00:00:00
cvelist
cvelist
CVE-2009-1991
2009-10-22 18:00:00
checkpoint_advisories
checkpoint_advisories
Oracle Database Server CREATE_TABLES SQL Injection (CVE-2009-1991)
2009-12-17 00:00:00
cve
cve
CVE-2009-1991
2009-10-22 18:30:00
prion
prion
Sql injection
2009-10-22 18:30:00
nvd
nvd
CVE-2009-1991
2009-10-22 18:30:00
nessus
nessus
Oracle Database Multiple Vulnerabilities (October 2009 CPU)
2011-11-16 00:00:00
oracle
oracle
Security | Oracle Critical Patch Update - October 2009
2009-10-20 00:00:00