Oracle zero-day vulnerability for sale

Sometimes I find zero-day vulnerabilities, also in Oracle RDBMS.

You can also google: "inurl:oracle.com yurichev"

This time I'm thinking about selling a proof-of-concept (or exploit). It's a small script that makes remote Oracle RDBMS hang/freeze. Usually called DoS (denial-of-service). Nothing special or important. Unfortunately, no access to remote data is possible.

But reporting it to Oracle's SecAlert team, you (and/or your company) can get mentioned in Oracle CPU reports, like in these: 1, 2. (Ctrl-F "Credit Statement".)

I'm going to sell my exploit/PoC/script to a highest bidder.

I will not mention anywhere that I once made it and had it. All rights will be transferred to a buyer.

Contact me.

(the post first published at 20250918.)

List of my other blog posts. Subscribe to my news feed,

If you enjoy my work, you can support it on patreon.

Some time ago (before 24-Mar-2025) there was Disqus JS script for comments. I dropped it --- it was so motley, distracting, animated, with too much ads. I never liked it. Also, comments din't appeared correctly (Disqus was buggy). Also, my blog is too chamberlike --- not many people write comments here. So I decided to switch to the model I once had at least in 2020 --- send me your comments by email (don't forget to include URL to this blog post) and I will copy&paste it here manually.

Let's party like it's ~1993-1996, in this ultimate, radical and uncompromisingly primitive pre-web1.0-style blog and website. This website is best viewed under lynx/links/elinks/w3m.