OSVDB ID: 51319

Title: Oracle Enterprise Manager /em/console/reports/admin TARGET Parameter SQL Injection

Info

Disclosure

Jan 14, 2009

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Classification

Location: Remote / Network Access
Attack Type: Information Disclosure, Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
Solution: Upgrade
Disclosure: Vendor Verified
OSVDB: Web Related

Solution

Products

Unknown or Incomplete

References

CVE ID: 2008-5447 (see also: NVD)
Bugtraq ID: 33177
Secunia Advisory ID: 33525
Related OSVDB ID: 51317 51318 51326 51331 51332 51343 51352
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2009-02/0019.html
News Article: http://www.eweek.com/c/a/Security/Oracle-Releases-Critical-Patch-Update-With-41-Fixes/
http://www.infoworld.com/article/09/01/09/Oracle_to_issue_41_security_patches_1.html
Vendor Specific Advisory URL: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/51319