Oracle Database Server is "a family of database products that range from personal databases to enterprise solutions". Remote exploitation of a buffer overflow in the XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA procedure in Oracle Corp.'s Database 10gR2 could allow a user with an authenticated session to execute arbitrary code in the context of the database account.

http://www.securiteam.com/securitynews/6O0032AKAY.html