CVE-2006-5337
https://notcve.org/view.php?id=CVE-2006-5337
Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 has unknown impact and remote authenticated attack vectors, aka Vuln# DB09. Vulnerabilidad no especificada en el componente Core RDBMS en Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5 y 10.2.0.2 tiene impacto y vectores de ataque autenticado remoto desconocidos, también conocida como Vuln# DB09. • http://secunia.com/advisories/22396 http://securitytracker.com/id?1017077 http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html http://www.securityfocus.com/archive/1/449110/100/0/threaded http://www.securityfocus.com/archive/1/449711/100/0/threaded http://www.securityfocus.com/bid/20588 http://www.us-cert.gov/cas/techalerts/ •
CVE-2006-5335
https://notcve.org/view.php?id=CVE-2006-5335
Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.2 have unknown impact and remote authenticated attack vectors related to (1) Vuln# DB04 and sys.dbms_cdc_impdp in the (a) Change Data Capture (CDC) component; (2) Vuln# DB07, (3) DB08, and (4) DB16 in sys.dbms_cdc_isubscribe in CDC; and (5) mdsys.sdo_geor_int in the (b) Oracle Spatial component, aka DB12. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that these issues are related to SQL injection in the BUMP_SEQUENCE function (DB04), CREATE_SUBSCRIPTION (DB07), EXTEND_WINDOW_LIST (DB08), SUBSCRIBE (DB16), and COMPRESSDATA (DB12). Múltiples vulnerabilidades no especificadas en Oracle Database 10.1.0.5 y 10.2.0.2 tienen impacto y vectores de ataque remotos autenticados desconocidos relacionado con (1) Vuln# DB04 y sys.dbms_cdc_impdp en el (a) componente Change Data Capture (CDC); (2) Vuln# DB07, (3) DB08, y (4) DB16 en sys.dbms_cdc_isubscribe en CDC; y (5) mdsys.sdo_geor_int en el (b) componente Oracle Spatial, también conocido como DB12. NOTA: a fecha del 23/10/2006, Oracle no ha negado los informes de terceras partes fiables de que estos problemas están relacionados con inyección SQL en la función BUMP_SEQUENCE (DB04), CREATE_SUBSCRIPTION (DB07), EXTEND_WINDOW_LIST (DB08), SUBSCRIBE (DB16), y COMPRESSDATA (DB12). • http://secunia.com/advisories/22396 http://securitytracker.com/id?1017077 http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf http://www.kb.cert.org/vuls/id/736324 http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html http://www.securityfocus.com/archive/1/449110/100/0/threaded http://www.securityfocus.com/archive/1/449511/100/100/threaded http://www.securityfocus.com/archive/ •
CVE-2006-5340
https://notcve.org/view.php?id=CVE-2006-5340
Multiple unspecified vulnerabilities in Oracle Spatial component in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 have unknown impact and remote authenticated attack vectors related to (1) mdsys.sdo_lrs, aka Vuln# DB13, and (2) Vuln# DB17. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB13 is related to bypassing input validation for SQL injection related to convert_to_lrs_layer and dbms_assert, and DB17 is related to SQL injection in the trigger in the SDO_DROP_USER package. Múltiples vulnerabilidades no especificadas en el componente Oracle Spatial en Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.8, 10.1.0.5 y 10.2.0.2 tiene impacto y vectores de ataque remoto autenticado remoto relacionado con (1) mdsys.sdo_lrs, también conocida como Vuln# DB13 y (2) Vuln# DB17. NOTA: a partir de 20061023, Oracle no ha disputado informes de terceras partes confiables sobre que DB13 está relacionado con eludir la validación de entrada para inyección SQL relacionada con convert_to_lrs_layer y dbms_assert y DB17 está relacionado con inyección SQL en el disparador en el paquete SDO_DROP_USER. • http://archive.cert.uni-stuttgart.de/archive/bugtraq/2006/07/msg00489.html http://archive.cert.uni-stuttgart.de/archive/bugtraq/2006/07/msg00500.html http://secunia.com/advisories/22396 http://securitytracker.com/id?1017077 http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf http://www.kb.cert.org/vuls/id/869292 http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html http://www. •
CVE-2006-3698 – Oracle 10g - SYS.KUPW$WORKER.MAIN PL / SQL Injection
https://notcve.org/view.php?id=CVE-2006-3698
Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB01 for Change Data Capture (CDC) component and (2) DB03 for Data Pump Metadata API. NOTE: as of 20060719, Oracle has not disputed a claim by a reliable researcher that DB01 is related to multiple SQL injection vulnerabilities in SYS.DBMS_CDC_IMPDP using the (a) IMPORT_CHANGE_SET, (b) IMPORT_CHANGE_TABLE, (c) IMPORT_CHANGE_COLUMN, (d) IMPORT_SUBSCRIBER, (e) IMPORT_SUBSCRIBED_TABLE, (f) IMPORT_SUBSCRIBED_COLUMN, (g) VALIDATE_IMPORT, (h) VALIDATE_CHANGE_SET, (i) VALIDATE_CHANGE_TABLE, and (j) VALIDATE_SUBSCRIPTION procedures, and that DB03 is for SQL injection in the MAIN procedure for SYS.KUPW$WORKER. Múltiples vulnerabilidades no especificadas en Oracle Database 10.1.0.5 tienen un impacto desconocido y vectores de ataque, también conocido como Oracle Vuln# (1) DB01 para el componente Change Data Capture (CDC) y (2) DB03 para Data Pump Metadata API. NOTA: en fecha de 20060719, Oracle no ha cuestionado la demanda de un investigador confiable que DB01 está relacionado con múltiples vulnerabilidades de inyección SQL en SYS.DBMS_CDC_IMPDP utilizando los procedimientos (a) IMPORT_CHANGE_SET, (b) IMPORT_CHANGE_TABLE, (c) IMPORT_CHANGE_COLUMN, (d) IMPORT_SUBSCRIBER, (e) IMPORT_SUBSCRIBED_TABLE, (f) IMPORT_SUBSCRIBED_COLUMN, (g) VALIDATE_IMPORT, (h) VALIDATE_CHANGE_SET, (i) VALIDATE_CHANGE_TABLE, y (j) VALIDATE_SUBSCRIPTION, y que DB03 es para inyección SQL en el proceso MAIN para SYS.KUPW$WORKER. • https://www.exploit-db.com/exploits/3178 https://www.exploit-db.com/exploits/3358 https://www.exploit-db.com/exploits/3375 http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047994.html http://secunia.com/advisories/21111 http://secunia.com/advisories/21165 http://securitytracker.com/id?1016529 http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html http://www.red-database-security •
CVE-2006-3705
https://notcve.org/view.php?id=CVE-2006-3705
Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB21 for Statistics and (2) DB22 for Upgrade & Downgrade. NOTE: as of 20060719, Oracle has not disputed a claim by a reliable researcher that DB21 is for a local SQL injection vulnerability in SYS.DBMS_STATS, and that DB22 is for SQL injection in SYS.DBMS_UPGRADE. Múltiples vulnerabilidades no especificadas en Oracle Database 10.1.0.5 tiene un impacto desconocido y vectores de ataque, también conocido como Oracle Vuln# (1) DB21 para Statistics y (2) DB22 para Upgrade & Downgrade. NOTA: en fecha 20060719, Oracle no ha disputado este asunto por un investigador creible que DB21 es para vulnerabildades de inyección SQL local en SYS.DBMS_STATS, y que DB22 es para inyección SQL en SYS.DBMS_UPGRADE. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047992.html http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047993.html http://secunia.com/advisories/21111 http://secunia.com/advisories/21165 http://securityreason.com/securityalert/1251 http://securitytracker.com/id?1016529 http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html http://www.red-database-security.com/advisory/ora •