"SQL Injection in package SYS.KUPV$FT_INT" - This advisory lists 16 SQL Injection bugs in 13 functions or procedures contained in this package. Alex has detailed each function or procedure and listed which function or procedure parameters are vulnerable to SQL Injection. He also informs us in his advisory that Oracle have fixed the bugs by now using bind variables instead (I assume) of using concatenated strings in SQL statements.
"SQL Injection in package SYS.KUPV$FT" - This advisory lists 3 SQL Injection bugs in three different functions and procedures in this package. Again the actual function or procedure parameters that are vulnerable to SQL Injection are identified. This time Alex tells us that Oracle has fixed these bugs by using the new package DBMS_ASSERT.
"SQL Injection in package SYS.DBMS_METADATA_UTIL" - In this advisory 4 SQL injection bugs are fixed in 4 different functions or procedures. Again the parameters that are vulnerable to SQL Injection are identified and again these bugs have been fixed by using the new package DBMS_ASSERT.
There is a lot of information in these three new advisories that cover a further 23 SQL injection bugs. In fact it could be argued that the number of bugs is in fact higher as for instance in the last advisory listed 2 parameters are vulnerable in each function. Whilst Alex has stopped short of giving out exploit code there is enough information here to simply write exploits for non patched databases.
Again I urge everyone to patch as soon as possible, if you don'y you are vulnerable to a hige amount of bugs that are now public.