DOAG conference: Best of Oracle Security – older presentations (2013-2017)

Here is a list of older "Best of" presentations:

Best of Oracle Security 2017

Best of Oracle Security 2016

Best of Oracle Security 2015

Best of Oracle Security 2014

Best of Oracle Security 2013

DOAG 2018: Best of Oracle Security 2018

Last week I gave my yearly presentation “Best of Oracle Security 2018” at the DOAG 2018 conference in Nürnberg. In this presentation I talked about different Oracle exploits, a vulnerability in livesql.oracle.com, DNS data exfiltration in Oracle and how to audit SYSDBA connections in Oracle.

Additionally, I talked about the German DSGVO (GDPR) – “How is the DSGVO being implemented, and which gaps/lies are there?”

DOAG 2015: Best of Oracle Security 2015

Yesterday I gave my yearly presentation “Best of Oracle Security 2015” at the DOAG 2015 conference in Nürnberg. In this presentation I showed different Oracle exploits that I found or modified, released in 2015 in various sources.

One of the most interesting Oracle bugs in 2015 was CVE-2014-6577 (found by Trustwave, affecting 11.2.0.3, 11.2.0.4, 12.1.0.1, 12.1.02, fixed in April 2015 CPU). This bug can be used as helper (more...)

Oracle CPU July 2014 + Oracle Exploit CVE-2013-3751

Yesterday, Oracle released a new critical patch update (CPU Jul 2014) for July 2014. This CPU contains fixes for 5 database vulnerabilities. The most critical one, CVE-2013-3751, has a base score of 9.0 and affects Oracle 12.1 only. The same issue was already fixed for Oracle 11.2 in July 2013 (CPU Jul 2013).

After a short research on the web (Google and Twitter, less than 5 minutes) I found an (more...)

Best of Oracle Security 2013

I just uploaded my DOAG 2013 presentation “Best of Oracle Security 2013”.

This presentation shows how to bypass Oracle Data Redaction, become DBA using CREATE ANY INDEX, hide information from Oracle Auditing using VPD, and more…

—————————————————

SQL> select * from scott.credit_card where 1=ordsys.ord_dicom.getmappingxpath((card_id),user,user);

(more...)