This major paper gives an overview of how to hack into Oracle and where the vulnerabilities lie covering all of the main parts of the RDBMS and associated tools pointing out potentially exploitable vulnerabilities. Also discussed briefly are SQL techniques for finding out what is in the database, where it is, how it's structured, how the database is protected, what to read, what permissions you have when you get an account and how to see and interpret the audit trail.

This paper is a posting made to www.securityfocus.com to show how incorrect setting of the Oracle parameter utl_file_dir can be exploited to read clear text passwords from the Oracle SGA.

This paper contains a table of default Oracle users, passwords and hashes. This table will be updated with any new default users and passwords as they become available. Pentest invites anyone to contribute with any new default users that are not included at present. Please email Pentest:oracle with any new data.

This short paper describes the issues that can arise if an Oracle application uses the system date SYSDATE for critical functionality and if it's possible for an attacker to alter the initialisation parameter fixed_date.

Interesting title!
Have you ever wanted to check if users are tampering with your Oracle PL/SQL source code stored within the database itself or even added or changed database objects? You can buy third party products to do this for the operating system files but how would you do it for your database objects ?

This article discusses a few ideas on how to make Oracle passwords that bit more secure.