Oracle database is prone to a privilege escalation vulnerability. A user with 'create job' privileges can switch the 'session_user' to 'SYS'.

This story continues at http://www.dbasupport.com/oracle/new...vEsc_vul.shtml