CVSS: 9.0EPSS: 2%CPEs: 4EXPL: 0CVE-2006-5339
https://notcve.org/view.php?id=CVE-2006-5339
Unspecified vulnerability in Oracle Spatial component in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unknown impact and remote authenticated attack vectors related to mdsys.sdo_geom, aka Vuln# DB11. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB11 is related to "length checking" in the RELATE function before MD2.RELATE is called. Vulnerabilidad no especificada en el componente Oracle Spatial en Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, y 10.1.0.4 tiene impacto y vectores de ataque remotos autenticados desconocidos relacionados con mdsys.sdo_geom, también conocido como Vuln# DB11. NOTA: a fecha del 23/10/2006, Oracle no ha negado los informes de terceras partes fiables de que DB11 está relacionada con la "comprobación de longitud" en la función RELATE antes de que se llame a MD2.RELATE. • http://secunia.com/advisories/22396 http://securitytracker.com/id?1017077 http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html http://www.securityfocus.com/archive/1/449110/100/0/threaded http://www.securityfocus.com/archive/1/449711/100/0/threaded http://www.securityfocus.com/bid/20588 http://www.us-cert.gov/cas/techalerts/ •
CVSS: 7.1EPSS: 2%CPEs: 3EXPL: 0CVE-2006-5342
https://notcve.org/view.php?id=CVE-2006-5342
Unspecified vulnerability in Oracle Spatial component in Oracle Database 9.0.1.5, 9.2.0.6, and 10.1.0.3 has unknown impact and remote authenticated attack vectors related to mdsys.sdo_tune, aka Vuln# DB18. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB18 might be related to SQL injection in the EXTENT_OF function. Vulnerabilidad no especificada en el componente Oracle Spatial en Oracle Database 9.0.1.5, 9.2.0.6, y 10.1.0.3 tiene impacto y vectores de ataque remotos autenticados desconocidos relacionados con mdsys.sdo_tune, también conocido como Vuln# DB18. NOTA: a fecha del 23/10/2006, Oracle no ha negado los informes de terceras partes fiables de que DB18 podría estar relacionado con inyección SQL en la función EXTENT_OF. • http://secunia.com/advisories/22396 http://securitytracker.com/id?1017077 http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html http://www.securityfocus.com/archive/1/449110/100/0/threaded http://www.securityfocus.com/archive/1/449711/100/0/threaded http://www.securityfocus.com/bid/20588 http://www.us-cert.gov/cas/techalerts/ •
CVSS: 7.1EPSS: 1%CPEs: 3EXPL: 0CVE-2006-5334
https://notcve.org/view.php?id=CVE-2006-5334
Unspecified vulnerability in Oracle Spatial component in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 has unknown impact and remote authenticated attack vectors related to mdsys.md2, aka Vuln# DB03. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB03 is related to one or more of (1) a buffer overflow in the (a) RELATE function or (2) SQL injection in the (b) TESSELATE_FIXED and (c) TESSELATE function. Vulnerabilidad no especificada en el componente Oracle Spatial en Oracle Database 9.0.1.5, 9.2.0.7, y 10.1.0.5 tiene impacto y vectores de ataque remotos autenticados desconocidos relacionado con mdsys.md2, también conocido como Vuln# DB03. NOTA: a fecha del 23/10/2006, Oracle no ha negado los informes de terceras partes fiables de queDB03 está relacionado con uno o más de (1) un desbordamiento de búfer en la función (a) RELATE o (2) inyección SQL en las funciones (b) RESSELATE_FIXED y (c) TESSELATE. • http://secunia.com/advisories/22396 http://securitytracker.com/id?1017077 http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html http://www.securityfocus.com/archive/1/449110/100/0/threaded http://www.securityfocus.com/archive/1/449711/100/0/threaded http://www.securityfocus.com/bid/20588 http://www.us-cert.gov/cas/techalerts/ •
CVSS: 9.0EPSS: 2%CPEs: 3EXPL: 0CVE-2006-5341
https://notcve.org/view.php?id=CVE-2006-5341
Multiple unspecified vulnerabilities in XMLDB component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.2 have unknown impact and remote authenticated attack vectors, aka (1) Vuln# DB14 and (2) DB15 related to xdb.dbms_xdbz. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB14 is for SQL injection in the PITRIG_DROP and PITRIG_DROPMETADATA functions in XDB_PITRIG_PKG, and DB15 is for SQL injection in DISABLE_HIERARCHY_INTERNAL in DBMS_XDBZ. Múltiples vulnerabilidades no especificadas en el componente XMLDB en Oracle Database 9.2.0.8, 10.1.0.5 y 10.2.0.2 tiene impacto y vectores de ataque remoto autenticado remoto, también conocida como (1) Vuln# DB14 y (2) DB15 relacionado con xdb.dbms_xdbz. NOTA: a partir de 20061023, Oracle no ha disputado informes de terceras partes confiables sobre que DB14 es para inyección SQL en las funciones PITRIG_DROP y PITRIG_DROPMETADATA en XDB_PITRIG_PKG y DB15 es para inyección SQL en DISABLE_HIERARCHY_INTERNAL en DBMS_XDBZ. • http://secunia.com/advisories/22396 http://securitytracker.com/id?1017077 http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf http://www.kb.cert.org/vuls/id/318764 http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_xdbz0.html http://www.securityfocus.com/archive/1/449110/100/0/threaded http://www.securityfoc •
CVSS: 9.0EPSS: 3%CPEs: 2EXPL: 0CVE-2006-5332
https://notcve.org/view.php?id=CVE-2006-5332
Unspecified vulnerability in xdb.dbms_xdbz in the XMLDB component for Oracle Database 9.2.0.6 and 10.1.0.4 has unknown impact and remote authenticated attack vectors, aka Vuln# DB01. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB01 is for PL/SQL injection in the ENABLE_HIERARCHY_INTERNAL procedure. Vulnerabilidad no especificada en xdb.dbms_xdbz en el componente XMLDB para Oracle Database 9.2.0.6 y 10.1.0.4 tiene impacto y vectores de ataque remotos autenticados desconocidos, también conocido como Vuln# DB01. NOTA: a fecha del 23/10/2006, Oracle no ha negado los informes de terceras partes fiables de que DB01 es una inyección PL/SQL en el procedimiento ENABLE_HIERARCHY_INTERNAL. • http://secunia.com/advisories/22396 http://securitytracker.com/id?1017077 http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf http://www.kb.cert.org/vuls/id/717140 http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_xdbz0.html http://www.securityfocus.com/archive/1/449110/100/0/threaded http://www.securityfoc •