Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers http://packetstormsecurity.org/ en-us Mon, 28 May 2012 04:44:51 GMT 144400 http://packetstormsecurity.org/ http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=1983539822&utmcs=ISO-8859-1&utmsr=31337x31337&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmcn=1&utmdt=Files%u2248%20Packet%20Storm&utmhn=packetstormsecurity.org&utmr=-&utmp=%2F1004-advisories%2Fshatter-dbmscdcsql.txt%2F&utmac=UA-18885198-1&utmcc=__utma%3D32867617.1983539822.1338180291.1338180291.1338180291.1%3B%2B__utmz%3D32867617.1338180291.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none) http://packetstormsecurity.org/files/88952/shatter-dbmscdcsql.txt http://packetstormsecurity.org/files/88952/shatter-dbmscdcsql.txt http://packetstormsecurity.org/files/88952/Oracle-Database-SQL-Injection-In-DBMS_CDC_PUBLISH.DROP_CHANGE_SOURCE.html Tue, 27 Apr 2010 20:22:17 GMT Team SHATTER Security Advisory - Oracle Database provides the DBMS_CDC_PUBLISH PL/SQL package owned by SYS that is part of the Change Data Capture component. This package has a SQL Injection vulnerability in DROP_CHANGE_SOURCE procedure. A malicious user can call the vulnerable procedure of this package with specially crafted parameters and execute SQL statements with the elevated privileges of the SYS user.