I just posted 2 new advisories for the July 2009 CPU from Oracle on my website.
The first advisory (CVE-2009-1021) is about PL/SQL injection vulnerabilities in the package DBMS_EXPORT_EXTENSION. Oracle already fixed vulnerabilities in this package in July 2006, but the bugfix was not implemented properly.
The second advisory (CVE-2009-1969) is about an information disclosure problem in Oracle audit logs. In some cases these audit logs can contain password hashes.
Last Friday Denis Yurichev released 4 new advisories concerning the TNS Listener in Oracle 10g/11g. All advisories are explained with proof-of-concept code.
The first and most critical advisory (CVE-2009-1020, CVSS 9.0 Win/6.5 Linux) is remotely exploitable but requires authentication. All databases (9.2.08, 10.1.0.5, 10.2.0.4 and 11.1.0.7) are affected.
The second advisory (CVE-2009-1019) is remotely exploitable without authentication. Denis's PoC causes a denial of service against the database. All databases (9.2.08, 10.1.0.5, 10.2.0.4 and 11.1.0.7) are affected.
The third advisory (CVE-2009-1963) is remotely exploitable with authentication. Denis's PoC causes a denial of service against the database. 11.1.0.7 is affected.
The fourth advisory (CVE-2009-1970) is a denial-of-service vulnerability against the database, remotely exploitable without authentication. Oracle 10.1.0.5, 10.2.0.4 and 11.1.0.6 are affected.