AOH :: HP Unsorted S :: VA3186.HTM

SQL Injection in package DBMS_AQADM_SYS
SQL Injection in package DBMS_AQADM_SYS
SQL Injection in package DBMS_AQADM_SYS

Name              SQL Injection in package DBMS_AQADM_SYS [CVE-2009-0977]
Systems Affected  Oracle -
Severity          Medium Risk
Category          SQL Injection
Vendor URL 
Author            Franz H=FCll (fh at
CVE               CVE-2009-0977
Advisory          14 April 2009 (V 1.00)

The package DBMS_AQADM_SYS contains a SQL injection vulnerability in the procedure

Additional information is available in the following advisory.


Patch Information:
Apply the patches for Oracle CPU April 2009.

Our Oracle database scanner Repscan was updated with the information from the Oracle
CPU April 2009 and can identify vulnerable databases. 
More Information about Repscan can be found here: 

14-apr-2009 Oracle published CPU April 2009 [CVE-2009-0977]
14-apr-2009 Advisory published

About Red-Database-Security:
Red-Database-Security is the leading company for Oracle security. Within the last 
6 years we reported several hundred vulnerabilities to Oracle.

(c) 2009 by Red-Database-Security GmbH 

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH
We do not send spam. If you have received spam bearing an email address, please forward it with full headers to