Alex has added an Oracle exploits page to his site:
"This is not illegal or dangerous. If your database or application server is hardened, all the exploits mentioned here are WITHOUT any effect."
This is good advice. The exploits would still be available even if Alex did not link to them. The problem is that exploit code exists for a lot of Oracle bugs, some of it easy to find and some of it harder. This means that if you do not patch, you are potentially in trouble.
Alex also adds:
"This page does not contain 0day exploits.
All exploit code on this website is already out there, e.g. in newsgroups, on websites (like bugtraq). Hackers and script kiddies are using such code every day."
Interestingly, Alex also says he will release a paper about how to search Metalink for exploit code examples. This should be worth seeing!
The page then has links to Listener Exploits, Oracle 8i Exploits, Oracle 9i Exploits, Oracle 10g Exploits and Oracle Application Server Exploits.
Each of these links takes you to a page that lists links to exploit code for various bugs. For instance, the 10g exploits page lists the following:
OS command injection in DBMS_SCHEDULER - [Become DBA]
SQL Injection vulnerability in DBMS_METADATA - [Become DBA]
SQL Injection vulnerability in DBMS_CDC_SUBSCRIBE / DBMS_CDC_ISUBSCRIBE - [Become DBA]
Denial of service vulnerability in Oracle Intermedia [Denial of Service]
The page finishes with some links to other sites that do contain Oracle exploit code. It should be worth keeping an eye on. If you keep patch sets up to date, you should not have an issue with this Oracle exploit code.