CVSS: 9.0EPSS: 1%CPEs: 4EXPL: 0CVE-2006-5337
https://notcve.org/view.php?id=CVE-2006-5337
Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 has unknown impact and remote authenticated attack vectors, aka Vuln# DB09. Vulnerabilidad no especificada en el componente Core RDBMS en Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5 y 10.2.0.2 tiene impacto y vectores de ataque autenticado remoto desconocidos, también conocida como Vuln# DB09. • http://secunia.com/advisories/22396 http://securitytracker.com/id?1017077 http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html http://www.securityfocus.com/archive/1/449110/100/0/threaded http://www.securityfocus.com/archive/1/449711/100/0/threaded http://www.securityfocus.com/bid/20588 http://www.us-cert.gov/cas/techalerts/ •
CVSS: 9.0EPSS: 3%CPEs: 2EXPL: 0CVE-2006-5335
https://notcve.org/view.php?id=CVE-2006-5335
Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.2 have unknown impact and remote authenticated attack vectors related to (1) Vuln# DB04 and sys.dbms_cdc_impdp in the (a) Change Data Capture (CDC) component; (2) Vuln# DB07, (3) DB08, and (4) DB16 in sys.dbms_cdc_isubscribe in CDC; and (5) mdsys.sdo_geor_int in the (b) Oracle Spatial component, aka DB12. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that these issues are related to SQL injection in the BUMP_SEQUENCE function (DB04), CREATE_SUBSCRIPTION (DB07), EXTEND_WINDOW_LIST (DB08), SUBSCRIBE (DB16), and COMPRESSDATA (DB12). Múltiples vulnerabilidades no especificadas en Oracle Database 10.1.0.5 y 10.2.0.2 tienen impacto y vectores de ataque remotos autenticados desconocidos relacionado con (1) Vuln# DB04 y sys.dbms_cdc_impdp en el (a) componente Change Data Capture (CDC); (2) Vuln# DB07, (3) DB08, y (4) DB16 en sys.dbms_cdc_isubscribe en CDC; y (5) mdsys.sdo_geor_int en el (b) componente Oracle Spatial, también conocido como DB12. NOTA: a fecha del 23/10/2006, Oracle no ha negado los informes de terceras partes fiables de que estos problemas están relacionados con inyección SQL en la función BUMP_SEQUENCE (DB04), CREATE_SUBSCRIPTION (DB07), EXTEND_WINDOW_LIST (DB08), SUBSCRIBE (DB16), y COMPRESSDATA (DB12). • http://secunia.com/advisories/22396 http://securitytracker.com/id?1017077 http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf http://www.kb.cert.org/vuls/id/736324 http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html http://www.securityfocus.com/archive/1/449110/100/0/threaded http://www.securityfocus.com/archive/1/449511/100/100/threaded http://www.securityfocus.com/archive/ •
CVSS: 7.1EPSS: 75%CPEs: 5EXPL: 0CVE-2006-5340
https://notcve.org/view.php?id=CVE-2006-5340
Multiple unspecified vulnerabilities in Oracle Spatial component in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 have unknown impact and remote authenticated attack vectors related to (1) mdsys.sdo_lrs, aka Vuln# DB13, and (2) Vuln# DB17. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB13 is related to bypassing input validation for SQL injection related to convert_to_lrs_layer and dbms_assert, and DB17 is related to SQL injection in the trigger in the SDO_DROP_USER package. Múltiples vulnerabilidades no especificadas en el componente Oracle Spatial en Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.8, 10.1.0.5 y 10.2.0.2 tiene impacto y vectores de ataque remoto autenticado remoto relacionado con (1) mdsys.sdo_lrs, también conocida como Vuln# DB13 y (2) Vuln# DB17. NOTA: a partir de 20061023, Oracle no ha disputado informes de terceras partes confiables sobre que DB13 está relacionado con eludir la validación de entrada para inyección SQL relacionada con convert_to_lrs_layer y dbms_assert y DB17 está relacionado con inyección SQL en el disparador en el paquete SDO_DROP_USER. • http://archive.cert.uni-stuttgart.de/archive/bugtraq/2006/07/msg00489.html http://archive.cert.uni-stuttgart.de/archive/bugtraq/2006/07/msg00500.html http://secunia.com/advisories/22396 http://securitytracker.com/id?1017077 http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf http://www.kb.cert.org/vuls/id/869292 http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html http://www. •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2006-3702
https://notcve.org/view.php?id=CVE-2006-3702
Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB06 in Export; (2) DB08, (3) DB09, (4) DB10, (5) DB11, (6) DB12, (7) DB13, (8) DB14, and (9) DBC01 for OCI; (10) DB16 for Query Rewrite/Summary Mgmt; (11) DB17, (12) DB18, (13) DB19, (14) DBC02, (15) DBC03, and (16) DBC04 for RPC; and (17) DB20 for Semantic Analysis. NOTE: as of 20060719, Oracle has not disputed third party claims that DB06 is related to "SQL injection" using DBMS_EXPORT_EXTENSION with a modified ODCIIndexGetMetadata routine and a call to GET_DOMAIN_INDEX_METADATA, in which case DB06 might be CVE-2006-2081. Múltiples vulnerabilidades no especificadas en Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, y 10.2.0.2 tienen un impacto desconocido y vectores de ataque, también conocido como Oracle Vuln# (1) DB06 en Export; (2) DB08, (3) DB09, (4) DB10, (5) DB11, (6) DB12, (7) DB13, (8) DB14, and (9) DBC01 para Query Rewrite/Summary Mgmt; (11) DB17, (12) DB18, (13) DB19, (14) DBC02, (15) DBC03, y (16) DBC04 para RPC; y(17) DB20 para Semantic Analysis. NOTA: en fecha 20060719, Oracle no ha disputado a terceros que DB06 está relacionado con la “inyección SQL” utilizando DBMS_EXPORT_EXTENSION con una rutina ODCIIndexGetMetadata y una llamada a GET_DOMAIN_INDEX_METADATA, en cuyo caso DB06 podría estar CVE-2006-2081. • http://secunia.com/advisories/21111 http://secunia.com/advisories/21165 http://securitytracker.com/id?1016529 http://www.kb.cert.org/vuls/id/932124 http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html http://www.red-database-security.com/exploits/oracle-sql-injection-oracle-dbms_export_extension.html http://www.securityfocus.com/archive/1/440758/100/100/threaded http://www.securityfocus.com/bid&# •
CVSS: 10.0EPSS: 1%CPEs: 46EXPL: 0CVE-2006-1884
https://notcve.org/view.php?id=CVE-2006-1884
Unspecified vulnerability in the Oracle Thesaurus Management System component in Oracle E-Business Suite and OPA 4.5.2 Applications has unknown impact and attack vectors, aka Vuln# OPA01. • http://secunia.com/advisories/19712 http://secunia.com/advisories/19859 http://securitytracker.com/id?1015961 http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html http://www.securityfocus.com/archive/1/432267/100/0/threaded http://www.securityfocus.com/bid/17590 http://www.vupen.com/english/advisories/2006/1397 http://www.vupen.com/english/advisories/2006/1571 https://exchange.xforce.ibmcloud.com/vulnerabilities/26058 •