Database security expert David Litchfield has unveiled a critical, unpatched vulnerability in Oracle s 11G database software that allows a hacker to take control of an Oracle database and access or modify information at any security level. Two sections of code within the company’s database application are left open to any user, rather than only to privileged administrators. Those vulnerable subroutines each have their own simple flaws that allow the user to gain complete access to the database s contents.
Source: https://threatpost.com/oracle-hacker-gets-last-word-020310/73477/