Reported January 18, 2005, by NGSSoftware
All releases of versions 10g and 9i
Multiple vulnerabilities have been discovered in Oracle Database Server. The vulnerabilities include "PL/SQL" injection and an unchecked buffer, which could allow an overflow to occur. The vulnerabilities could allow users to gain adminstrator privileges on an affect server.
Oracle has issued patches to correct these problems which can be obtained at the company's MetaLink Web site.
Discovered by Next Generation Security Software