
CVSS: 9.8 | EPSS: 0% | CPEs: 2 | EXPL: 1

20 Apr 2006 — Unspecified vulnerability in Oracle Database Server 9.2.0.7 and 10.1.0.4 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB12. NOTE: details are unavailable from Oracle, but as of 20060421, they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the (1) GEN_RID_RANGE_BY_AREA and (2) GEN_RID_RANGE functions in the MDSYS.SDO_PRIDX package. • http://secunia.com/advisories/19712 •

CVSS: 9.8 | EPSS: 1% | CPEs: 2 | EXPL: 1

20 Apr 2006 — SQL injection vulnerability in Oracle Database Server 9.2.0.7 and 10.1.0.5 allows remote attackers to execute arbitrary SQL commands via the DELETE_FROM_TABLE function in the DBMS_LOGMNR_SESSION (Log Miner) package, aka Vuln# DB06. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045280.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.8 | EPSS: 0% | CPEs: 7 | EXPL: 0

04 Feb 2006 — Oracle Database 8i, 9i, and 10g allow remote authenticated users to execute arbitrary SQL statements in the context of the SYS user and bypass audit logging, including statements to create new privileged database accounts, via a modified AUTH_ALTER_SESSION attribute in the authentication phase of the Transparent Network Substrate (TNS) protocol. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that this issue has been ... • http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041464.html •

CVSS: 10.0 | EPSS: 1% | CPEs: 3 | EXPL: 1

18 Jan 2006 — Unspecified vulnerability in the Change Data Capture component of Oracle Database server 9.2.0.7, 10.1.0.5, and 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB02. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the CDC_ALLOCATE_LOCK function of the DBMS_CDC_UTILITY package. • http://secunia.com/advisories/18493 •

CVSS: 9.8 | EPSS: 1% | CPEs: 3 | EXPL: 0

18 Jan 2006 — Unspecified vulnerability in the Query Optimizer component of Oracle Database server 9.0.1.5, 9.2.0.7, and 10.1.0.5 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB19. • http://secunia.com/advisories/18493 •

CVSS: 9.8 | EPSS: 1% | CPEs: 4 | EXPL: 0

18 Jan 2006 — Unspecified vulnerability in the Security component of Oracle Database server 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.6, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB21. • http://secunia.com/advisories/18493 •

CVSS: 10.0 | EPSS: 6% | CPEs: 6 | EXPL: 0

18 Jan 2006 — Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, 10.1.0.5, and 10.2.0.1 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB09 in the (a) Net Listener component; and (2) DB12 and (3) DB13 in the Network Communications (RPC) component. • http://secunia.com/advisories/18493 •

CVSS: 10.0 | EPSS: 4% | CPEs: 5 | EXPL: 0

18 Jan 2006 — Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB07 in the Dictionary component and (2) DB14 in the Oracle Label Security component. NOTE: Oracle has not disputed reliable researcher claims that DB07 involves plaintext storage of the TDE wallet password in a trace file by event 10053. • http://secunia.com/advisories/18493 •

CVSS: 9.8 | EPSS: 1% | CPEs: 2 | EXPL: 0

18 Jan 2006 — Unspecified vulnerability in the Query Optimizer component of Oracle Database server 9.2.0.6 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB20. • http://secunia.com/advisories/18493 •

CVSS: 10.0 | EPSS: 4% | CPEs: 10 | EXPL: 0

18 Jan 2006 — Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, and 10.1.2.0.2, and Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i) has unspecified impact and attack vectors, as identified by Oracle Vuln# DBC01 in the Protocol Support component. • http://secunia.com/advisories/18493 •