The Workspace Manager in Oracle 10g release 1 and 2 and Oracle 9i is vulnerable to SQL injection.

http://www.securiteam.com/securitynews/6P00M0UK0E.html