Oracle listener is installed with provisions for the user to change the locations of the log and trace files. This could lead to a compromised system if a crafted command was constructed through the listener process.
The commands SET LOG_FILE and SET TRC_FILE allow the log and trace files, respectively, to which the listener program writes, to be modified dynamically while the listener program is running. The listener process can be configured to append and/or/overwrite logging and tracing information to any operating system file that can be written by the Oracle owner and potentially introduce malicious code into the operating system.
Refer to Oracle Listerner Alert