Oracle released 14 software patches to fix vulnerabilities in its databases and application server software, and also released a tool to identify commonly used default passwords that could be misused by hackers.
That’s because earlier versions of Oracle databases used well-known default passwords and usernames, which could pose a problem for any users who still rely on older databases or have upgraded from an older version that included the default passwords.
The password scanner is actually a SQL script that scans a database and then prints out the names of the default accounts if they're unlocked.
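The kind of check described above can be sketched as a query against the `DBA_USERS` dictionary view. This is an added example, not Oracle's scanner script: the account list is a short constructed sample of well-known default and sample schemas, and the session is assumed to have read access to `DBA_USERS`.

```sql
-- Added example: report well-known default accounts that are not locked.
-- Assumption: run by an account that can read DBA_USERS.
-- The names below are an illustrative sample, not the list Oracle's tool uses.
WITH default_accounts AS (
    SELECT 'SCOTT'  AS username FROM dual UNION ALL
    SELECT 'DBSNMP' FROM dual UNION ALL
    SELECT 'OUTLN'  FROM dual UNION ALL
    SELECT 'MDSYS'  FROM dual UNION ALL
    SELECT 'CTXSYS' FROM dual UNION ALL
    SELECT 'HR'     FROM dual
)
SELECT u.username,
       u.account_status,
       u.created,
       -- An expired account forces a password change at next login,
       -- so it is lower priority than one that is fully open.
       CASE
           WHEN u.account_status LIKE 'EXPIRED%' THEN 'REVIEW'
           ELSE 'OPEN: lock or change password'
       END AS finding
FROM   dba_users u
JOIN   default_accounts d
       ON d.username = u.username
-- ACCOUNT_STATUS contains LOCKED for every locked variant,
-- e.g. 'LOCKED', 'EXPIRED & LOCKED', 'LOCKED(TIMED)'.
WHERE  u.account_status NOT LIKE '%LOCKED%'
ORDER  BY u.username;
```

The query reports only lock status, as the description above does; it does not test whether an account's password is still the default.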
Several of the bugs that Oracle is patching as part of the quarterly update could be easily exploited in a widespread manner, Oracle said, including a previously disclosed vulnerability in the PL/SQL gateway software used to integrate Oracle's database with Web-based applications.
However, some Oracle security specialists insisted there are still a large number of unpatched bugs in Oracle’s products, including one unfixed vulnerability from February 2005.
Sometimes, it seems security researchers cause more problems for vendors than the hackers, with their announcements of vulnerabilities timed to create the maximum disruption and embarrassment. However, if the vulnerabilities weren’t there in the first place, then vendors wouldn’t have the headaches. And nor would the users.