QwikSec

Security Database

CVE

CWE

Training

CVE-2008-2589

Published: Jul 15, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3, 10.1.2.2, and 10.1.4.1 has unknown impact and remote attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a SQL injection vulnerability in the WWV_RENDER_REPORT package that allows remote attackers to execute arbitrary SQL (PL/SQL) commands via the second argument to the SHOW procedure.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html

x_refsource_CONFIRM

vdb-entry

x_refsource_VUPEN

20080715 Oracle Application Server PLSQL injection flaw

mailing-list

x_refsource_BUGTRAQ

vdb-entry

x_refsource_SECTRACK

vendor-advisory

x_refsource_HP

vendor-advisory

x_refsource_HP

vdb-entry

x_refsource_VUPEN

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.