British security researcher David Litchfield is raising an alert for a brand-new class of vulnerabilities affecting Oracle database products. Litchfield, a database security expert who has clashed with Oracle in the past, went public with the discovery in a research paper that warns that <A HREF="http://www.eweek.com/article2/0,1895,2064828,00.asp?kc=EWNAVEMNL112906EOAD">dangling cursors in database code</A> can be manipulated and used to expose sensitive data. The attack technique--called "dangling cursor snarfing"--can be launched if developers fail to close cursors created and used by DBMS_SQL, the Oracle package that provides an interface for using dynamic SQL to parse data manipulations or data definition languages.