Page 21 of 122 results (0.005 seconds)

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2006-0551

https://notcve.org/view.php?id=CVE-2006-0551

SQL injection vulnerability in the Data Pump Metadata API in Oracle Database 10g and possibly earlier might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that this issue has been addressed by Oracle. It is possible that this is the same issue as Oracle Vuln# DB06 from the January 2006 CPU, in which case this would be subsumed by CVE-2006-0259 or, if it is DB05, subsumed by CVE-2006-0260. • http://www.integrigy.com/info/IntegrigySecurityAnalysis-CPU0106.pdf http://www.kb.cert.org/vuls/id/983340 http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html http://www.us-cert.gov/cas/techalerts/TA06-018A.html https://exchange.xforce.ibmcloud.com/vulnerabilities/24321 •

CVSS: 10.0EPSS: 1%CPEs: 6EXPL: 0

CVE-2006-0263

https://notcve.org/view.php?id=CVE-2006-0263

Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, 10.1.0.5, and 10.2.0.1 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB09 in the (a) Net Listener component; and (2) DB12 and (3) DB13 in the Network Communications (RPC) component. • http://secunia.com/advisories/18493 http://secunia.com/advisories/18608 http://securitytracker.com/id?1015499 http://www.kb.cert.org/vuls/id/545804 http://www.kb.cert.org/vuls/id/870172 http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html http://www.osvdb.org/22547 http://www.osvdb.org/22550 http://www.osvdb.org/22551 http://www.securityfocus.com/bid/16287 http://www.us-cert.gov/cas/techalerts/TA06-018A.html http://www.vupen.com/ •

CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0

CVE-2006-0268

https://notcve.org/view.php?id=CVE-2006-0268

Unspecified vulnerability in the Security component of Oracle Database server 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.6, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB21. • http://secunia.com/advisories/18493 http://secunia.com/advisories/18608 http://securitytracker.com/id?1015499 http://www.kb.cert.org/vuls/id/545804 http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html http://www.securityfocus.com/bid/16287 http://www.vupen.com/english/advisories/2006/0243 http://www.vupen.com/english/advisories/2006/0323 https://exchange.xforce.ibmcloud.com/vulnerabilities/24321 •

CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 1

CVE-2006-0260

https://notcve.org/view.php?id=CVE-2006-0260

Multiple unspecified vulnerabilities in Oracle Database server 9.2.0.7 and 10.1.0.5 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB05 in the (a) Data Pump component; (2) DB15 in the (b) Oracle Text component; (3) DB22 in the (c) Streams Apply component; (4) DB23 and (5) DB24 in the (d) Streams Capture component; and (6) DB26 in the (e) Streams Subcomponent. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that DB05 involves SQL injection in the (f) LONG2VARCHAR, LONG2VCMAX, LONG2VCNT, and LONG2CLOB functions in the DBMS_METADATA_UTIL package; (g) MAKE_FILTER, FETCH_VIEWS_ERROR, FETCH_FILTERS, FETCH_VIEWS, SET_FILTER_COMMON, DO_FILTER_SCRIPT, SET_TABLE_FILTERS, and MAKE_FILTER_TEXT functions in the DBMS_METADATA_INT package; and (h) GET_PREPOST_TABLE_ACT function in the DBMS_METADATA package. • http://secunia.com/advisories/18493 http://secunia.com/advisories/18608 http://securitytracker.com/id?1015499 http://www.kb.cert.org/vuls/id/545804 http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html http://www.osvdb.org/22543 http://www.osvdb.org/22637 http://www.osvdb.org/22643 http://www.securityfocus.com/bid/16287 http://www.vupen.com/english/advisories/2006/0243 http://www.vupen.com/english/advisories/2006/0323 https://exchange.xforce •

CVSS: 10.0EPSS: 2%CPEs: 5EXPL: 1

CVE-2006-0265

https://notcve.org/view.php?id=CVE-2006-0265

Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.1 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB17 in the Oracle Text component and (2) DB18 in the Program Interface Network component. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that DB17 involves SQL injection in the (a) VALIDATE_STATEMENT and BUILD_DML functions in CTXSYS.DRILOAD; (b) CLEAN_DML function in CTXSYS.DRIDML; (c) GET_ROWID function in CTXSYS.CTX_DOC; (d) BROWSE_WORDS function in CTXSYS.CTX_QUERY; and (e) ODCIINDEXTRUNCATE, ODCIINDEXDROP, and ODCIINDEXDELETE functions in CATINDEXMETHODS. • http://secunia.com/advisories/18493 http://secunia.com/advisories/18608 http://securitytracker.com/id?1015499 http://www.kb.cert.org/vuls/id/545804 http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html http://www.osvdb.org/22555 http://www.osvdb.org/22639 http://www.osvdb.org/22640 http://www.osvdb.org/22641 http://www.osvdb.org/22642 http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html http://www.securityfocus.com/bid/ •