Oracle Database 8i/9i Multiple Remote Directory Traversal Vulnerabilities

Oracle Database 8i/9i Multiple Remote Directory Traversal Vulnerabilities

Oracle Database server is reported prone to multiple directory traversal vulnerabilities that may allow a remote attacker to read, write, or rename arbitrary files with the privileges of the Oracle Database server.

The issues are reported to exist due to a lack of sufficient input validation performed on filenames and paths passed to file processing functions, and may allow a malicious SQL query to traverse outside of a directory that is described in an Oracle directory object.