"said he passed details to Oracle last week on more than 250 SQL injection vulnerabilities in the company's 10g Release 1 database server. Kornbrust said he found the SQL injection holes in just 6 hours using automated vulnerability scanning tools to analyze about 9,000 software packages and functions that are part of 10g Release 1."
Alex also developed exploit code for some of the bugs that can be used to escalate privileges. He said up to 30% of the bugs can be used to escalate privileges.
Separately on Alex's "Upcoming Oracle Security Alerts" he shows that he has reported 25 vulnerabilities in the October 18 2005 Critical Patch update.
This totals more than 275 new bugs in the Oracle database products, almost exclusively in built-in PL/SQL packages that in most cases have PUBLIC execute privileges.