Questions tagged [oracle]

Oracle Corporation is an American computer technology company based in California. Oracle specializes in computer hardware and enterprise software products, including its own brand of RDBMS, along with MySQL and Java as a result of purchasing Sun Microsystems.

63 questions
4
votes
3 answers

JInitiator is obsolete and I should reject it on grounds of security, right?

I'm getting a lot of flack and resistance from developers for not allowing a large (200+ users) roll-out of Oracle's JInitiator (http://www.oracle.com/technetwork/testcontent/jinit-084453.html) as substitute Oracle Forms clients. JInitiator is an…
mcgyver5
4
votes
1 answer

Is the most recent version of ojdbc7 still vulnerable to CVE-2016-3506?

Looking at the Oracle security advisory page here: https://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html Oracle in 2016 disclosed vulnerabilities in their OJDBC7 versions 12.1.0.1 and 12.1.0.2. However looking for the most…
Trevor
4
votes
1 answer

Is it possible to take over a Windows server through Oracle?

I have a Windows Server 2008 R2 with an Oracle database running on it. Someone who knows my Oracle username and password claims that he can create a Windows system account somehow. And then he can control the whole server and do whatever he…
user216358
4
votes
2 answers

Do I have to change my database user password in this situation?

OK, I know this is a stupid question, but our one and only DBA got into a mess with our manager and rage quit today. As a small company, I (IT support guy who knows nothing about DB) was told to change "password" to protect the database from…
4
votes
1 answer

How to update table with sqlmap and without stacked queries?

I'm trying to use the following code: sqlmap -u "http://exp.com/portal/pd.jsp action=edit&info=products&sub_info=price" --cookie="JSESSIONID....." --dbms Oracle -D PRODUCTS -T PRICE --threads 10 --sql-query="UPDATE PRICE SET PRICE…
user143049
4
votes
1 answer

What is the best practice for giving Oracle DB credentials to a Java Application?

I have Java applications (using Spring running in Jetty Servlet containers) that need to access an Oracle database. What is the best practice for giving the DB credentials to the applications? I came across Hashicorp Vault's MySQL backend. I like…
Adam
4
votes
4 answers

How Likely Is It For A Virus To Spread From A Linux VM To The Windows Host

I'm currently running Windows 10, and I plan to use a Linux distro to run in a VM (Virtual Box). I know Linux is one of the most secure operating systems there is and I'm curious as to how likely it is a virus could spread from the Linux distro onto…
Kittencakes
4
votes
1 answer

PL/SQL injection and data exfil

During a pen test I stumbled upon the following error while fuzzing a few parameters: *HTTP Status 500 - org.springframework.jdbc.BadSqlGrammarException: PreparedStatementCallback; bad SQL grammar [select * from %27 where 1 = 0 ]; nested exception…
ilikebeets
3
votes
1 answer

Is it a security risk to have 'Control + j' functionality enabled in a production instance of PeopleSoft?

The control + j feature within PeopleSoft outputs a list of potentially interesting data for a potential attacker. The feature is generally used to aid in debugging. Here is the [censored] output from a control + j: Is it a security risk to have…
3
votes
4 answers

Code, Data and Passwd encrypted? sqlplus $USER/$PASSWORD@$ORACLE_REMOTE_SID

Lots of our *NIX scripts use "sqlplus $USER/$PASSWORD@$ORACLE_REMOTE_SID". I know that it's not good to have a clear text password in scripts (there is no alternative at the moment). But the question is: is the username and password transmitted over network…
Sybil
3
votes
3 answers

Are encrypted databases secure against all attacks?

If I use a database encryption package for Oracle like dbms_crypto, would this be vulnerable to any attacks? I know that it uses algorithms like 3DES, AES, etc. These are all things that you can use while using this package, and there are attacks…
Brooney
3
votes
1 answer

Symantec rooted certificates trust and Oracle Java trust store, is Oracle planning to remove trust as well?

We are using Symantec CA rooted certs to sign JARs. Since Google and Mozilla have indicated that they are not trusting Symantec CA, should I be concerned that Oracle will remove trust from Symantec CA roots as well in any JVM updates? Was there any…
3
votes
2 answers

Is there a risk of using AEAD encryption algorithms when the key is generated from a password?

I need to encrypt something on a smartphone. The data is relatively small and would be stored encrypted on the phone. I was thinking AES-GCM with a key generated by a password (chosen by the app's user), but I wonder if there is a risk, with…
NGU
2
votes
3 answers

How do attackers find the database technology used by a web application?

These days there are several database technologies available for data storage purposes. While performing injection attacks, how do attackers actually identify the database used by a website? If it is possible by any queries or commands through…
Anandu M Das
2
votes
0 answers

How can an attacker use SQL injection in ALTER query?/What can an attacker do with an injectable ALTER statement?

Let's say you have a Java app which has a query which can unlock/reset passwords for users like: ALTER USER " + iD_Of_User.toUpperCase() + " IDENTIFIED BY " + password_Of_User + " ACCOUNT UNLOCK Where iD_Of_User and password_Of_User definitely come…
Garret