CVE-2006-5336

Multiple unspecified vulnerabilities in the Change Data Capture CDC component in Oracle Database 9.2.0.7, 10.1.0.5, and have unknown impact and remote authenticated attack vectors related to 1 sys.dbmscdcipublish Vuln DB05 and 2 sys.dbmscdcisubscribe DB06. NOTE: as of 20061023, Oracle has not...

CVE-2006-5337

Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 has unknown impact and remote authenticated attack vectors, aka Vuln DB09...

CVE-2006-5343

Unspecified vulnerability in Database Scheduler component in Oracle Database 10.1.0.3 has unknown impact and remote authenticated attack vectors related to sys.dbmsscheduler, aka Vuln DB19...

CVE-2006-5338

The CVE-2006-5338 entry concerns Oracle Database 10.1.0.5 Core RDBMS. The connected data confirms a vulnerability in the DBMS_SQLTUNE area (sys.dbms_sqltune or related internal components) that is associated with remote, authenticated access and is characterized by suspected SQL injection vectors...

CVE-2006-5335

Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.2 have unknown impact and remote authenticated attack vectors related to 1 Vuln DB04 and sys.dbmscdcimpdp in the a Change Data Capture CDC component; 2 Vuln DB07, 3 DB08, and 4 DB16 in sys.dbmscdcisubscribe in CDC; and 5...

CVE-2006-5340

Multiple unspecified vulnerabilities in Oracle Spatial component in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 have unknown impact and remote authenticated attack vectors related to 1 mdsys.sdolrs, aka Vuln DB13, and 2 Vuln DB17. NOTE: as of 20061023, Oracle has not dispute...

CVE-2006-5345

Unspecified vulnerability in Oracle Spatial component in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unknown impact and remote authenticated attack vectors related to mdsys.sdogeom, aka Vuln DB22. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB22 i...

CVE-2006-5342

Unspecified vulnerability in Oracle Spatial component in Oracle Database 9.0.1.5, 9.2.0.6, and 10.1.0.3 has unknown impact and remote authenticated attack vectors related to mdsys.sdotune, aka Vuln DB18. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB18...

CVE-2006-5339

CVE-2006-5339 affects the Oracle Spatial component of Oracle Database (versions 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.4). The vulnerability is linked to the mdsys.sdo_geom path and is related to a suspected length-checking issue before MD2.RELATE is called, as reported by third parties. The described...

CVE-2006-5338

Unspecified vulnerability in the Core RDBMS component in Oracle Database 10.1.0.5 has unknown impact and remote authenticated attack vectors related to sys.dbmssqltune, aka Vuln DB10. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB10 is for SQL injection ...

CVE-2006-5340

Oracle Database Spatial component vulnerabilities (CVE-2006-5340) affect multiple releases (8.1.7.4, 9.0.1.5, 9.2.0.8, 10.1.0.5, 10.2.0.2). The issue is linked to the MDSYS.SDO_LRS package, specifically the convert_to_lrs_layer function, and to a vulnerability elsewhere in the Spatial stack (DB17...

Oracle Database string conversion buffer overflow

Added: 08/23/2006 BID: 10871 OSVDB: 9890 Background Oracle Database is a relational database product for multiple platforms. Problem The string conversion function in Oracle Database is affected by a buffer overflow vulnerability. A remote attacker could execute arbitrary commands by sending a lo...

Oracle Database string conversion buffer overflow

Added: 08/23/2006 BID: 10871 OSVDB: 9890 Background Oracle Database is a relational database product for multiple platforms. Problem The string conversion function in Oracle Database is affected by a buffer overflow vulnerability. A remote attacker could execute arbitrary commands by sending a lo...

Oracle Database string conversion buffer overflow

Added: 08/23/2006 BID: 10871 OSVDB: 9890 Background Oracle Database is a relational database product for multiple platforms. Problem The string conversion function in Oracle Database is affected by a buffer overflow vulnerability. A remote attacker could execute arbitrary commands by sending a lo...

Oracle Database string conversion buffer overflow

Added: 08/23/2006 BID: 10871 OSVDB: 9890 Background Oracle Database is a relational database product for multiple platforms. Problem The string conversion function in Oracle Database is affected by a buffer overflow vulnerability. A remote attacker could execute arbitrary commands by sending a lo...

Oracle DBMS绕过登录访问控制漏洞

BUGTRAQ ID: 16287 CVECAN ID: CVE-2006-0256 Oracle Database是一款大型商业数据库系统。 Oracle Database的登录过程实现存在漏洞，远程攻击者可能在登录过程中对服务器进行SQL注入攻击。...

Oracle SYS.DBMS_METADATA_UTIL软件包SQL注入漏洞

Oracle Database是一款商业性质大型数据库系统。 Oracle SYS.DBMSMETADATAUTIL软件包的LONG2VARCHAR、LONG2VCMAX、LONG2VCNT和LONG2CLOB函数中存在4个SQL注入漏洞。成功利用这些漏洞的远程攻击者可以完全入侵受影响的数据库系统。 Oracle 10g Release 1 Oracle ------ Oracle已经为此发布了一个安全公告（cpujan2006）以及相应补丁: cpujan2006：Oracle Critical Patch Update - January 2006...

Oracle 10g R2 and, probably, all previous versions

I can't believe it. Oracle releases new patches and they have not been solved one of the main problems: A user with only the SELECT privilege can do WHATEVER SHE WANTS WITH THE ENTIRE DATABASE!!!! I'm not sure if is time to full disclosure it but, anyway, I will "full disclosure" one inocent issu...

Oracle Database - SQL Injection in SYS.DBMS_CDC_IMPDP [DB01]

Name SQL Injection in package SYS.DBMSCDCIMPDP 6980711 DB01 Systems Oracle 10g Release 1 Severity High Risk Category SQL Injection Vendor URL http://www.oracle.com/ Author Alexander Kornbrust ak at red-database-security.com Advisory 18 Jul 2006 V 1.00 Details The package SYS.DBMSCDCIMPDP contains...

Oracle Database - SQL Injection in SYS.DBMS_CDC_IMPDP [DB01]

Name SQL Injection in package SYS.DBMSCDCIMPDP 6980711 DB01 Systems Oracle 10g Release 1 Severity High Risk Category SQL Injection Vendor URL http://www.oracle.com/ Author Alexander Kornbrust ak at red-database-security.com Advisory 18 Jul 2006 V 1.00 Details The package SYS.DBMSCDCIMPDP contains...