Re: FW: [VulnWatch] Multiple high risk vulnerabilities in Oracle RDBMS 10g/9i

From: <ryan_gaffuri_at_comcast.net>
Date: Tue, 18 Jan 2005 21:17:25 +0000
Message-Id: <011820052117.12807.41ED7CE5000D54F1000032072207002953079D9A00000E09A1020E979D@comcast.net>

i was under the impression(apparently wrong) that if you use bind variables, sql injection wont work. the only way i know to get sql injection to work is to dummy up the quotes to manipulate the where clause? -------------- Original message --------------

> Hi Ruth,
>
> This is related to the first quarterly patch set release. NGS are
> probably one of many researchers who have found security bugs that

--
http://www.freelists.org/webpage/oracle-l

Received on Wed Jan 19 2005 - 00:19:59 CST

This message: [ Message body ]
Next message: Pete Finnigan: "Re: FW: [VulnWatch] Multiple high risk vulnerabilities in Oracle RDBMS 10g/9i"
Previous message: Greg Norris: "Re: FW: [VulnWatch] Multiple high risk vulnerabilities in Oracle RDBMS 10g/9i"
Maybe in reply to: Ruth Gramolini: "FW: [VulnWatch] Multiple high risk vulnerabilities in Oracle RDBMS 10g/9i"
Next in thread: Don Granaman: "Re: [VulnWatch] Multiple high risk vulnerabilities in Oracle RDBMS 10g/9i"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US