David Litchfield will talk about Advanced Oracle Attack Techinques but as is usual with David he never releases details of his talks before hand. I would guess that this talk will explore some of the advanced exploit techniques covered in the recently published Oracle Hackers Handbook. Indirect attacks via triggers, timing based attacks or multi-stage / multi-component attacks.
Cesar Cerrudo will reveal at least one Oracle 0-day vulnerability and exploit code at Black Hat 2007 Washington DC. His presentation is called Practical 10 Minute Security Audit: The Oracle Case. He will demonstrate how to audit software to see if it can be trusted using free tools and point and clikc techniques. He will show how to locate a dozen or so local 0-day vulnerabilities and will demonstrate how vulnerabilities can be easily located in dissassembled code and he will demonstrate and explain a 0-Day exploit.
Me, I would like to be there but we have our second baby due at around the time of this conference so I will have more important things to do than get excited about Oracle security!