10 Database Security Threats Every IT Administrator Should Know

Written by Brian Prince
Jun 22, 2010
2 minute read

1. Default, Blank & Weak Username/Password

- Microsoft SQL Server Blank & Default Password
- Default Oracle Username and Password
- IBM DB2 Default Admin Password


2. SQL Injections

- SQL Injection Vulnerability in Oracle Database "SYS.DBMS_AQIN"
- SQL injection vulnerability in Oracle 10gR1 database using SYS.DBMS_STREAMS_AUTH
- SQL Injection in Oracle with ".ALTER_AUTOLOG_CHANGE_SOURCE" function
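The slide names vulnerable Oracle packages but does not show what an injection actually is. The following example is added here and is not from the article or its author: it builds a constructed in-memory SQLite table, runs the same lookup once with user input spliced into the SQL text and once with a bound parameter, and returns the row counts so the difference is visible. The table, the names and the functions are all assumptions made for the example.

```python
import sqlite3

# Constructed sample data (not from the article): a tiny users table.
SAMPLE_USERS = [
    ("alice", "alice@example.com"),
    ("bob", "bob@example.com"),
    ("carol", "carol@example.com"),
]


def make_db() -> sqlite3.Connection:
    """Build an in-memory SQLite database seeded with the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """Deliberately vulnerable lookup: the caller's input is concatenated into
    the SQL text, so whatever they type becomes part of the statement."""
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, name: str) -> list:
    """Hardened lookup: the value travels as a bound parameter and is only
    ever compared as data, never parsed as SQL."""
    sql = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def demo() -> dict:
    """Run both lookups with a benign name and with the textbook tautology
    string, returning row counts keyed by case."""
    conn = make_db()
    benign = "alice"
    # Classic textbook input: in the vulnerable path it turns the WHERE clause
    # into "name = 'x' OR '1'='1'", which matches every row.
    tautology = "x' OR '1'='1"
    return {
        "vulnerable_benign": len(lookup_vulnerable(conn, benign)),
        "vulnerable_tautology": len(lookup_vulnerable(conn, tautology)),
        "safe_benign": len(lookup_safe(conn, benign)),
        "safe_tautology": len(lookup_safe(conn, tautology)),
    }


if __name__ == "__main__":
    for case, rows in demo().items():
        print(f"{case}: {rows} row(s)")
```

The vulnerable path returns all three rows for the tautology input while the parameterized path returns none, which is the whole point of binding values instead of building SQL strings; the same rule applies to stored procedures such as the Oracle packages listed above, where input concatenated into dynamic SQL inside a privileged package is what makes the listed vulnerabilities exploitable.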


3. Extensive User & Group Privilege

- BUILTIN\Administrator member of SYSADMIN fixed server role in MS SQL Server
- Privileged Role Assignment in MS SQL Server
- Oracle Account Root Privilege Escalation


4. Unnecessary Enabled Database Features

- Microsoft SQL Server Permission Granted on xp_cmdshell
- Microsoft SQL Server xp_cmdshell Not Removed or Not Disabled
- Microsoft SQL Server OLEDB Ad Hoc Query Allowed



5. Broken Configuration Management

- Sybase current audit table
- Oracle Configuration Manager Installed on a production system
- Microsoft SQL Server PPS configuration


6. Buffer Overflows

- SYS.OLAPIMPL_T.ODCITABLESTART Buffer Overflow in Oracle 9iR1 and 9iR2
- EXECUTE privilege on DBMS_AQELM can lead to Buffer Overflow in Oracle DB
- IBM Lotus Domino IMAP Cram-MD5 Buffer Overflow


7. Privilege Escalation

- SQL Injection in Oracle DBMS_AQIN allows users to escalate privilege
- SQL Injection in Oracle AQADM_SYS allows users to escalate privilege
- MySQL Privilege Escalation through RENAME statement


8. Denial of Service Attacks

- Oracle Denial of Service (DoS) in SYS.KUPF$FILE_INT
- MySQL Hello packet Denial of Service (DoS)
- MySQL authenticated user Denial of Service (DoS) via federated engine


9. Unpatched Databases

- Oracle Critical Patch Update (CPU)
- Latest Sybase patch not applied
- MS SQL Server service pack and hot fix


10. Unencrypted Sensitive Data – at Rest and in Motion

- Oracle Network Encryption Required
- Domino Server Full Text Indexed Field In Encrypted Database
- Unencrypted listener password in Oracle
