10 Database Security Threats Every IT Administrator Should Know - Database - News & Reviews - eWeek.com | eWeek

10 Database Security Threats Every IT Administrator Should Know

10 Database Security Threats Every IT Administrator Should Know
Verfasst von
Brian Prince
Brian Prince
Jun 22, 2010
2 minute read
eWeek Inhalte und Produktempfehlungen sind redaktionell unabhängig. Wir können Geld verdienen, wenn Sie auf Links zu unseren Partnern klicken. Mehr erfahren


10 Database Security Threats Every IT Administrator Should Know

1

by Brian Prince


Default, Blank & Weak Username&47;Password

2

Microsoft SQL Server Blank & Default PasswordDefault Oracle Username and PasswordIBM DB2 Default Admin Password


SQL Injections

3

SQL Injection Vulnerability in Oracle Database “SYS.DBMS_AQIN”SQL injection vuln in Oracle 10gR1 database using SYS.DBMS_STREAMS_AUTHSQL Injection in Oracle with “.ALTER_AUTOLOG_CHANGE_SOURCE” function


Extensive User & Group Privilege

4

BUILTINAdministrator member of SYSADMIN fixed server role in MS SQLServerPrivileged Role Assignment in MS SQLServerOracle Account Root Privilege Escalation


Unnecessary Enabled Database Features

5

Microsoft SQL Server Permission Granted on xp_cmdshellMicrosoft SQL Server xp_cmdshell Not Removed or Not DisabledMicrosoft SQL Server OLEDB Ad Hoc Query Allowed


Advertisement

Broken Configuration Management

6

Sybase current audit tableOracle Configuration Manager Installed on a production systemMicrosoft SQL Server PPS configuration


Buffer Overflows

7

SYS.OLAPIMPL_T.ODCITABLESTART Buffer Overflow in Oracle 9iR1 and 9iR2EXECUTE privilege on DBMS_AQELM can lead to Buffer Overflow in Oracle DBIBM Lotus Domino IMAP Cram-MD5 Buffer Overflow


Privilege Escalation

8

SQL Injection in Oracle DBMS_AQIN allows users to escalate privilegeSQL Injection in Oracle AQADM_SYS allows users to escalate privilegeMySQL Privilege Escalation through RENAME statement


Denial of Service Attacks

9

Oracle Denial of service DoS in SYS.KUPF$FILE_INTMySQL Hello packet Denial of Service DoSMySQL authenticated user Denial of Service DoS via federated engine


Unpatched Databases

10

Oracle Critical Patch Update CPULatest Sybase patch not appliedMS SQL Server service pack and hot fix


Unencrypted Sensitive Data – at Rest and in Motion

11

Oracle Network Encryption RequiredDomino Server Full Text Indexed Field In Encrypted DatabaseUnencrypted listener password in Oracle

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Eigentum von TechnologyAdvice. © 2026 TechnologyAdvice. Alle Rechte vorbehalten

Werbetreibenden-Offenlegung: Einige der auf dieser Website erscheinenden Produkte stammen von Unternehmen, von denen TechnologyAdvice eine Vergütung erhält. Diese Vergütung kann beeinflussen, wie und wo Produkte auf dieser Website erscheinen, einschließlich beispielsweise der Reihenfolge, in der sie erscheinen. TechnologyAdvice schließt nicht alle Unternehmen oder alle auf dem Marktplatz verfügbaren Produkttypen ein.