Oracle April 2007 Security Update Multiple Vulnerabilities

Oracle April 2007 Security Update Multiple Vulnerabilities

References:

Analysis of the Oracle April 2007 Critical Patch Update (David Litchfield)
Bypass Oracle Logon Trigger (7826485) [DB05] (Alexander Kornbrust)
Cross-Site-Scripting Vulnerability in Oracle Secure Enterprise Search - SES01 (Alexander Kornbrust)
Oracle Engine Upgrade and Critical Patch - TCIM 6.0/7.0/8.0 Embedded Database En (IBM)
Oracle Homepage (Oracle)
Shutdown unprotected Oracle TNS Listener via Oracle Discoverer Servlet (6085705) (Alexander Kornbrust)
SQL Injection in package SYS.DBMS_AQADM_SYS (6980695) [DB04] (Alexander Kornbrust)
SQL Injection in package SYS.DBMS_UPGRADE_INTERNAL (6980753) [DB07] (Alexander Kornbrust)
[Full-disclosure] ZDI-07-016: Oracle E-Business Suite Arbitrary Node Deletion Vu (Oracle)
[Full-disclosure] ZDI-07-017: Oracle E-Business Suite Arbitrary Document Downloa (Oracle)
Advisory: Bypass Oracle Logon Trigger (Alexander Kornbrust)
Advisory: Shutdown unprotected Oracle TNS Listener via Oracle Discoverer Servlet (Alexander Kornbrust)
Advisory: SQL Injection in package SYS.DBMS_AQADM_SYS (Alexander Kornbrust)
Advisory: SQL Injection in package SYS.DBMS_UPGRADE_INTERNAL (Alexander Kornbrust)
Advisory: XSS Vulnerability in Oracle Secure Enterprise Search (Alexander Kornbrust)
Analysis of the Oracle April 2007 Critical Patch Update (David Litchfield)
Oracle Database Buffer overflow vulnerabilities in package DBMS_SNAP_INTERNAL (Team SHATTER )
RE: [Full-disclosure] ZDI-08-088: Oracle E-Business Suite Self-Service Web Appli ("Integrigy Security" )
ZDI-08-088: Oracle E-Business Suite Business Intelligence SQL Injection Vulnerab (zdi-disclosures@3com.com)
Oracle Critical Patch Update - April 2007 (Oracle)