Multiple high-risk vulnerabilities exist in Oracle9i Database Server, Oracle Database Server 10g, and many other Oracle products. They consist of one buffer overflow condition and numerous possible SQL injection attacks, many of which could be exploited by an intruder to gain complete control of the products.
Oracle released a Critical Patch Update to correct many (but not all) of the problems. The patch is applicable to numerous Oracle products due to interdependencies. All affected products are listed in Oracle's bulletin.