Reported November 5, 2003, by NGSSoftware.
Oracle9i Application Server Releases 1 and 2
Oracle Relational Database Management System (RDBMS)
Multiple SQL-injection vulnerabilities in Application Server and RDBMS can result in remote compromise of the vulnerable server. Many of the Procedural Level (PL)/SQL packages and procedures that Application Server uses are vulnerable to SQL injection. An unauthenticated attacker can exploit these vulnerabilities to gain access from the Internet to all data in the database.
Discovered by NGSSoftware.