ID CVE-2008-3983
Summary Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT, a different vulnerability than CVE-2008-3982 and CVE-2008-3984.
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:database_9i:9.2.0.8
    cpe:2.3:a:oracle:database_9i:9.2.0.8
  • cpe:2.3:a:oracle:database_10g:10.1.0.5
    cpe:2.3:a:oracle:database_10g:10.1.0.5
  • cpe:2.3:a:oracle:database_10g:10.2.0.3
    cpe:2.3:a:oracle:database_10g:10.2.0.3
  • cpe:2.3:a:oracle:database_11i:11.1.0.6
    cpe:2.3:a:oracle:database_11i:11.1.0.6
  • cpe:2.3:a:oracle:database_9i:9.2.0.8dv
    cpe:2.3:a:oracle:database_9i:9.2.0.8dv
CVSS
Base: 5.5 (as of 23-11-2016 - 12:49)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE_INSTANCE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
exploit-db via4
description Oracle 10g SYS.LT.MERGEWORKSPACE SQL Injection Exploit. CVE-2008-3983. Local exploits for multiple platform
id EDB-ID:7676
last seen 2016-02-01
modified 2009-01-06
published 2009-01-06
reporter sh2kerr
source https://www.exploit-db.com/download/7676/
title Oracle 10g SYS.LT.MERGEWORKSPACE SQL Injection Exploit
metasploit via4
description This module exploits a sql injection flaw in the MERGEWORKSPACE procedure of the PL/SQL package SYS.LT. Any user with execute privilege on the vulnerable package can exploit this vulnerability.
id MSF:AUXILIARY/SQLI/ORACLE/LT_MERGEWORKSPACE
last seen 2018-08-26
modified 2017-08-29
published 2009-07-28
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/sqli/oracle/lt_mergeworkspace.rb
title Oracle DB SQL Injection via SYS.LT.MERGEWORKSPACE
nessus via4
NASL family Databases
NASL id ORACLE_RDBMS_CPU_OCT_2008.NASL
description The remote Oracle database server is missing the October 2008 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components : - Core RDBMS - Oracle Application Express - Oracle Data Capture - Oracle Data Mining - Oracle OLAP - Oracle Spatial - Upgrade - Workspace Manager
last seen 2019-02-21
modified 2018-11-15
plugin id 56062
published 2011-11-16
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=56062
title Oracle Database Multiple Vulnerabilities (October 2008 CPU)
refmap via4
confirm http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html
sectrack 1021050
secunia 32291
vupen ADV-2008-2825
xf oracle-database-workspace-priv-escalation2(45886)
Last major update 23-11-2016 - 13:02
Published 14-10-2008 - 17:11
Last modified 07-08-2017 - 21:32
Back to Top