• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Oracle9iAS Portal Component SQL Injection Vulnerability

Bugtraq ID:	8966
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Nov 03 2003 12:00AM
Updated:	Nov 03 2003 12:00AM
Credit:	The disclosure of this issue has been credited to David Litchfield of Generation Security Software Ltd.
Vulnerable:	Oracle Oracle9i Application Server Portal 9.0.2 .3B + Oracle Oracle9i Application Server 9.0.2 .3 Oracle Oracle9i Application Server Portal 9.0.2 .3A + Oracle Oracle9i Application Server 9.0.2 .2 Oracle Oracle9i Application Server Portal 9.0.2 .3 + Oracle Oracle9i Application Server 9.0.2 .1 Oracle Oracle9i Application Server Portal 3.0.9 .8.5 + Oracle Oracle9i Application Server 1.0.2 .2 Oracle Oracle9i Application Server 9.0.2 .3 Oracle Oracle9i Application Server 9.0.2 .2 Oracle Oracle9i Application Server 9.0.2 .1 Oracle Oracle9i Application Server 9.0.2 .0.1 Oracle Oracle9i Application Server 9.0.2 .0.0 Oracle Oracle9i Application Server 9.0.2
Not Vulnerable: