ID CVE-2006-5338 Type cve Reporter NVD Modified 2016-04-29T21:59:05
Description
Unspecified vulnerability in the Core RDBMS component in Oracle Database 10.1.0.5 has unknown impact and remote authenticated attack vectors related to sys.dbms_sqltune, aka Vuln# DB10. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB10 is for SQL injection in DROP_SQLSET, DELETE_SQLSET, SELECT_SQLSET, and I_SET_TUNING_PARAMETER. NOTE: some of these vectors might be in DBMS_SQLTUNE_INTERNAL.
{"href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5338", "history": [], "references": ["http://www.securityfocus.com/archive/1/archive/1/449509/100/0/threaded", "http://www.us-cert.gov/cas/techalerts/TA06-291A.html", "http://www.vupen.com/english/advisories/2006/4065", "http://securitytracker.com/id?1017077", "http://www.securityfocus.com/archive/1/archive/1/449711/100/0/threaded", "http://www.securityfocus.com/archive/1/archive/1/449110/100/0/threaded", "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html", "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_sqltune_internal.html", "http://www.securityfocus.com/bid/20588", "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html", "http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf"], "lastseen": "2016-09-03T07:42:26", "bulletinFamily": "NVD", "title": "CVE-2006-5338", "cpe": ["cpe:/a:oracle:database_server:10.1.0.5", "cpe:/a:oracle:database_server:10.2.0.0"], "viewCount": 0, "id": "CVE-2006-5338", "hash": "0796ee044f510316fd9079299ebcf0d102d1eaf5d5f8b3e5d99432b6daeb5f29", "description": "Unspecified vulnerability in the Core RDBMS component in Oracle Database 10.1.0.5 has unknown impact and remote authenticated attack vectors related to sys.dbms_sqltune, aka Vuln# DB10. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB10 is for SQL injection in DROP_SQLSET, DELETE_SQLSET, SELECT_SQLSET, and I_SET_TUNING_PARAMETER. NOTE: some of these vectors might be in DBMS_SQLTUNE_INTERNAL.", "edition": 1, "assessment": {"name": "", "href": "", "system": ""}, "cvelist": ["CVE-2006-5338"], "scanner": [], "modified": "2016-04-29T21:59:05", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "objectVersion": "1.2", "reporter": "NVD", "type": "cve", "published": "2006-10-17T21:07:00", "enchantments": {"vulnersScore": 10.0}}
{"result": {"osvdb": [{"id": "OSVDB:31451", "type": "osvdb", "title": "Oracle Database Core RDBMS DBMS_SQLTUNE_INTERNAL Multiple Variable SQL Injection", "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2006.html)\nSecurity Tracker: 1017077\n[Secunia Advisory ID:22396](https://secuniaresearch.flexerasoftware.com/advisories/22396/)\n[Related OSVDB ID: 31383](https://vulners.com/osvdb/OSVDB:31383)\n[Related OSVDB ID: 31384](https://vulners.com/osvdb/OSVDB:31384)\n[Related OSVDB ID: 31393](https://vulners.com/osvdb/OSVDB:31393)\n[Related OSVDB ID: 31399](https://vulners.com/osvdb/OSVDB:31399)\n[Related OSVDB ID: 31414](https://vulners.com/osvdb/OSVDB:31414)\n[Related OSVDB ID: 31407](https://vulners.com/osvdb/OSVDB:31407)\n[Related OSVDB ID: 31500](https://vulners.com/osvdb/OSVDB:31500)\nOther Advisory URL: http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf\nNews Article: http://news.com.com/Oracle+plugs+101+security+flaws/2100-1002_3-6126864.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0360.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0388.html\nKeyword: DB10\nFrSIRT Advisory: ADV-2006-4065\n[CVE-2006-5338](https://vulners.com/cve/CVE-2006-5338)\nBugtraq ID: 20588\n", "published": "2006-10-18T06:18:53", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/osvdb/OSVDB:31451", "cvelist": ["CVE-2006-5338"], "lastseen": "2017-04-28T13:20:27"}], "nessus": [{"id": "ORACLE_RDBMS_CPU_OCT_2006.NASL", "type": "nessus", "title": "Oracle Database Multiple Vulnerabilities (October 2006 CPU)", "description": "The remote Oracle database server is missing the October 2006 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components :\n\n - Change Data Capture (CDC)\n\n - Core RDBMS\n\n - Database Scheduler\n\n - Oracle Spatial\n\n - XMLDB", "published": "2011-11-16T00:00:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=56054", "cvelist": ["CVE-2006-5337", "CVE-2006-5342", "CVE-2006-5333", "CVE-2006-5341", "CVE-2006-5332", "CVE-2006-5344", "CVE-2006-5335", "CVE-2006-5336", "CVE-2006-5338", "CVE-2006-5345", "CVE-2006-5334", "CVE-2006-5340", "CVE-2006-5343", "CVE-2006-5339"], "lastseen": "2017-10-29T13:34:06"}]}}
