Well, you can’t say that we didn’t warn ya. Secunia now has the vulnerability alert posted to their site. The milw0rm exploits should be soon to follow.
From Secunia:
Description:
Multiple vulnerabilities have been reported for various Oracle products. Some of these have unknown impacts, while others can be exploited to bypass certain security restrictions and conduct SQL injection attacks.Details are available for the following vulnerabilities:
1) Oracle APEX does not correctly sanitise input passed via the password used in the wwv_flow_security.check_db_password function before using it in SQL queries. This can be exploited to modify SQL queries by injecting arbitrary SQL code.
2) Specially crafted views can be exploited to perform updates, deletes and inserts without having proper privileges.
3) Certain input processed by the DBMS_PRVTAQIS package is not correctly sanitised before being used in SQL queries. This can be exploited to modify SQL queries by injecting arbitrary SQL code.
Be sure to review the patches.
[tags]Oracle Vulnerabilities, Oracle Security, Database Security[/tags]