Had Oracle themselves not emailed working exploit code around the world then I would probably agree, as it stands I think that it is a helpful warning. Niall On 4/12/06, Andre van Winssen <awinssen@xxxxxxxxx> wrote: > > yes, and I told the poster, Alexander Kornbrust, that his company is very > careless and irresponsible by revealing so much detail. It took little > time before I was able to delete data that wasn't mine or change dba > account passwords for which my oracle account had no priv. No patch > available yet and it works in all latest and greatest database versions. > Checked it myself > Are you ready for the next Cpu? > > Regards, > Andre > > -: An Oracle error is an index on the solutions table :- > -: Andre > > > > Has anyone read this - > > > > > http://www.red-database-security.com/advisory/oracle_modify_data_via_views.html > > > > The note mentioned seems to be have taken out from the metalink now. > > > > Thanks > > Manmohan > > > > -- > > _______________________________________________ > > > > Search for businesses by name, location, or phone number. -Lycos Yellow > > Pages > > > > > http://r.lycos.com/r/yp_emailfooter/http://yellowpages.lycos.com/default.asp?SRC=lycos10 > > > > -- > > //www.freelists.org/webpage/oracle-l > > > > > > > > > -- > //www.freelists.org/webpage/oracle-l > > > -- Niall Litchfield Oracle DBA http://www.orawin.info