VULHUB ™

Zero Day Initiative Advisory 08-088 - This vulnerability allows remote attackers to inject arbitrary SQL on vulnerable installations of Oracle E-Business Suite Business Intelligence. Authentication is not required to exploit this vulnerability. The specific flaw exists in the APPS.ICXSUPWF.DisplayContacts package. The procedure fails to validate the contents of a WHERE clause containing user-suppled input. This allows an attacker to execute arbitrary SQL statements in the context of the APPS user.

Zero Day Initiative Advisory 08-088 - This vulnerability allows remote attackers to inject arbitrary SQL on vulnerable installations of Oracle E-Business Suite Business Intelligence. Authentication is not required to exploit this vulnerability. The specific flaw exists in the APPS.ICXSUPWF.DisplayContacts package. The procedure fails to validate the contents of a WHERE clause containing user-suppled input. This allows an attacker to execute arbitrary SQL statements in the context of the APPS user.