CVE-2006-0586 – Oracle 10g - SYS.KUPV$FT.ATTACH_JOB PL / SQL Injection
https://notcve.org/view.php?id=CVE-2006-0586
Multiple SQL injection vulnerabilities in Oracle 10g Release 1 before CPU Jan 2006 allow remote attackers to execute arbitrary SQL commands via multiple parameters in (1) ATTACH_JOB, (2) HAS_PRIVS, and (3) OPEN_JOB functions in the SYS.KUPV$FT package; and (4) UPDATE_JOB, (5) ACTIVE_JOB, (6) ATTACH_POSSIBLE, (7) ATTACH_TO_JOB, (8) CREATE_NEW_JOB, (9) DELETE_JOB, (10) DELETE_MASTER_TABLE, (11) DETACH_JOB, (12) GET_JOB_INFO, (13) GET_JOB_QUEUES, (14) GET_SOLE_JOBNAME, (15) MASTER_TBL_LOCK, and (16) VALID_HANDLE functions in the SYS.KUPV$FT_INT package. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that these issues has been addressed by Oracle. It is unclear which, if any, Oracle Vuln# identifiers apply to these issues. Múltiples vulnerabilidades de inyección SQL en Oracle 10g Release 1 en versiones anteriores a CPU de Enero de 2006 permiten a atacantes remotos ejecutar comandos SQL arbitrarios a través de parámetros múltiples en funciones (1) ATTACH_JOB, (2) HAS_PRIVS y (3) OPEN_JOB en el paquete SYS.KUPV$FT; y funciones (4) UPDATE_JOB, (5) ACTIVE_JOB, (6) ATTACH_POSSIBLE, (7) ATTACH_TO_JOB, (8) CREATE_NEW_JOB, (9) DELETE_JOB, (10) DELETE_MASTER_TABLE, (11) DETACH_JOB, (12) GET_JOB_INFO, (13) GET_JOB_QUEUES, (14) GET_SOLE_JOBNAME, (15) MASTER_TBL_LOCK y (16) VALID_HANDLE en el paquete SYS.KUPV$FT_INT. NOTA: debido a la falta de detalles relevantes en la recomendación de Oracle, se está creando una CVE separada ya que no se puede probar concluyentemente que estas cuestiones hayan sido dirigidas por Oracle. • https://www.exploit-db.com/exploits/3179 https://www.exploit-db.com/exploits/3359 https://www.exploit-db.com/exploits/3376 http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041498.html http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041499.html http://www.osvdb.org/22839 http://www.osvdb.org/22840 http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html http://www.red-database-security.com/advisory/oracle_sql_injection_kupv%24ft • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2005-4832 – Oracle 10g Database - 'SUBSCRIPTION_NAME' SQL Injection
https://notcve.org/view.php?id=CVE-2005-4832
SQL injection vulnerability in the Oracle Database Server 10g allows remote authenticated users to execute arbitrary SQL commands with elevated privileges via the SUBSCRIPTION_NAME parameter in the (1) SYS.DBMS_CDC_SUBSCRIBE and (2) SYS.DBMS_CDC_ISUBSCRIBE packages, a different vector than CVE-2005-1197. • https://www.exploit-db.com/exploits/25452 https://www.exploit-db.com/exploits/25453 https://www.exploit-db.com/exploits/3378 https://www.exploit-db.com/exploits/3364 http://www.appsecinc.com/resources/alerts/oracle/2005-02.html http://www.argeniss.com/research/OraDBMS_CDC_SUBSCRIBEExploit.txt http://www.argeniss.com/research/OraDBMS_CDC_SUBSCRIBEWorkaround.sql http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf http://www.securityfocus.com/archive/1/396133 http:/ •