Name SQL Injection in package DBMS_AQIN [CVE-2009-0992]
Systems Affected Oracle 10.1.0.5 - 22.214.171.124
Severity High Risk
Category SQL Injection
Vendor URL http://www.oracle.com/
Author Alexander Kornbrust (ak at red-database-security.com)
Advisory 14 April 2009 (V 1.00)
The package DBMS_AQIN contains a SQL injection vulnerability in the procedure DEQ_EXEJOB.
Additional information is available in the following advisory.
Apply the patches for Oracle CPU April 2009.
Our Oracle database scanner Repscan was updated with the information from the Oracle
CPU April 2009 and can identify vulnerable databases.
More Information about Repscan can be found here:
14-apr-2009 Oracle published CPU April 2009 [CVE-]
14-apr-2009 Advisory published
Red-Database-Security is the leading company for Oracle security. Within the last
6 years we reported several hundred vulnerabilities to Oracle.
(c) 2009 by Red-Database-Security GmbH