Description
Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to execute commands with additional privileges via the ctxsys.driload package, which is publicly accessible.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Alexander Kornbrust · textremotemultiple
https://www.exploit-db.com/exploits/24567
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/11099
Patch, Vendor Advisory third-party-advisory
x_refsource_idefense
http://www.idefense.com/application/poi/display?id=136&type=vulnerabilities&flashstatus=true
Patch, Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/316206
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/12409/
Scores
EPSS
0.1933
EPSS Percentile
95.4%
Details
CWE
CWE-94
Status
published
Products (6)
oracle/oracle8i
enterprise_8.1.7_.4
oracle/oracle8i
standard_8.1.7_.4
oracle/oracle9i
enterprise_9.2.0.4
oracle/oracle9i
personal_9.2.0.4
oracle/oracle9i
standard_9.0.1.3
oracle/oracle9i
standard_9.2.0.4
Published
Sep 02, 2004
Tracked Since
Feb 18, 2026