欢迎进入Oracle社区论坛,与200万技术人员互动交流 >>进入 受影响系统: Oracle E-Business Suite 11i 11.5.7 - 11.5.10 CU2 Oracle Enterprise Manager 9.2.0.8 Oracle Enterprise Manager 9.2.0.7 Oracle Enterprise Manager 9.0.1.5 Oracle Database 10g
欢迎进入Oracle社区论坛,与200万技术人员互动交流 >>进入
受影响系统:
- Oracle E-Business Suite 11i 11.5.7 - 11.5.10 CU2
- Oracle Enterprise Manager 9.2.0.8
- Oracle Enterprise Manager 9.2.0.7
- Oracle Enterprise Manager 9.0.1.5
- Oracle Database 10g Release 1 10.1.0.5
- Oracle Database 10g Release 1 10.1.0.4
- Oracle Oracle9i Database Server Release 2 9.2.0.8
- Oracle Oracle9i Database Server Release 2 9.2.0.7
- Oracle Application Server 10g (9.0.4) 9.0.4.3
- Oracle Application Server 10g (9.0.4) 9.0.4.3
- Oracle Application Server 10g Release 2 10.1.2.2.0
- Oracle Application Server 10g Release 2 10.1.2.1.0
- Oracle Application Server 10g Release 2 10.1.2.0.0 - 10.1.2.0.2
- Oracle Database 10g Release 2 10.2.0.3
- Oracle Database 10g Release 2 10.2.0.2
- Oracle JD Edwards EnterpriseOne Tools 8.96
- Oracle JD Edwards OneWorld Tools SP23
- Oracle PeopleSoft Enterprise PeopleTools 8.48
- Oracle PeopleSoft Enterprise PeopleTools 8.47
- Oracle PeopleSoft Enterprise PeopleTools 8.22
- Oracle Secure Enterprise Search 10g Release 1 10.1.6
- Oracle Oracle10g Collaboration Suite Release 1 10.1.2
- Oracle Oracle E-Business Suite Release 12 12.0.0
- Oracle PeopleSoft Enterprise Human Capital Management 8.9
描述:
Oracle Database是一款商业性质大型数据库系统。
Oracle发布了2007年4月的紧急补丁更新公告,修复了多个Oracle产品中的多个漏洞。这些漏洞影响Oracle产品的所有安全属性,可导致本地和远程的威胁。其中一些漏洞可能需要各种级别的授权,但也有些不需要任何授权。最严重的漏洞可能导致完全入侵数据库系统。目前已知的漏洞包括:
- 1 攻击者可以绕过Oracle数据库的登录触发器(logon trigger)。登录触发器用于限制用户访问,因此这可能导致严重的安全问题;
- 2 DBMS_UPGRADE_INTERNAL和DBMS_AQADM_SYS软件包中存在SQL注入漏洞;
- 3 Oracle Secure Enterprise Search 10g的boundary_rules.jsp文件中EXPTYPE参数可能导致跨站脚本漏洞;
- 4 Oracle Discoverer Servlet中包含有database/tns别名的字段,攻击者可以通过这个字段发送TNS STOP命令关闭未受到保护的Oracle TNS Listener。
厂商补丁:
Oracle已经为此发布了一个安全公告(cpuapr2007)以及相应补丁:
cpuapr2007:Oracle Critical Patch Update - April 2007
oracle怎么查询所有索引May 13, 2022 pm 05:23 PM方法:1、利用“select*from user_indexes where table_name=表名”语句查询表中索引;2、利用“select*from all_indexes where table_name=表名”语句查询所有索引。
什么是oracle asmApr 18, 2022 pm 04:16 PMoracle asm指的是“自动存储管理”,是一种卷管理器,可自动管理磁盘组并提供有效的数据冗余功能;它是做为单独的Oracle实例实施和部署。asm的优势:1、配置简单、可最大化推动数据库合并的存储资源利用;2、支持BIGFILE文件等。
oracle全角怎么转半角May 13, 2022 pm 03:21 PM在oracle中,可以利用“TO_SINGLE_BYTE(String)”将全角转换为半角;“TO_SINGLE_BYTE”函数可以将参数中所有多字节字符都替换为等价的单字节字符,只有当数据库字符集同时包含多字节和单字节字符的时候有效。
Oracle怎么查询端口号May 13, 2022 am 10:10 AM在Oracle中,可利用lsnrctl命令查询端口号,该命令是Oracle的监听命令;在启动、关闭或重启oracle监听器之前可使用该命令检查oracle监听器的状态,语法为“lsnrctl status”,结果PORT后的内容就是端口号。
oracle怎么删除sequenceMay 13, 2022 pm 03:35 PM在oracle中,可以利用“drop sequence sequence名”来删除sequence;sequence是自动增加数字序列的意思,也就是序列号,序列号自动增加不能重置,因此需要利用drop sequence语句来删除序列。
oracle怎么查询数据类型May 13, 2022 pm 04:19 PM在oracle中,可以利用“select ... From all_tab_columns where table_name=upper('表名') AND owner=upper('数据库登录用户名');”语句查询数据库表的数据类型。
oracle查询怎么不区分大小写May 10, 2022 pm 05:45 PM方法:1、利用“LOWER(字段值)”将字段转为小写,或者利用“UPPER(字段值)”将字段转为大写;2、利用“REGEXP_LIKE(字符串,正则表达式,'i')”,当参数设置为“i”时,说明进行匹配不区分大小写。
Oracle怎么修改sessionMay 13, 2022 pm 05:06 PM方法:1、利用“alter system set sessions=修改后的数值 scope=spfile”语句修改session参数;2、修改参数之后利用“shutdown immediate – startup”语句重启服务器即可生效。
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
MinGW - Minimalist GNU for Windows
This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.
ZendStudio 13.5.1 Mac
Powerful PHP integrated development environment
VSCode Windows 64-bit Download
A free and powerful IDE editor launched by Microsoft
DVWA
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
