CVE-2006-1869

Unspecified vulnerability in Oracle Database Server 8.1.7.4 and 9.0.1.5 has unknown impact and attack vectors in the Dictionary component, aka Vuln DB04...

CVE-2006-1867

Unspecified vulnerability in Oracle Database Server 9.2.0.6 has unknown impact and attack vectors in the Advanced Replication component, aka Vuln DB02...

CVE-2006-1871

CVE-2006-1871 is a SQL injection vulnerability in Oracle Database Server (versions 9.2.0.7 and 10.1.0.5) that allows remote attackers to execute arbitrary SQL commands via the DELETE_FROM_TABLE function in the DBMS_LOGMNR_SESSION (Log Miner) package. The issue is documented with an impact assessm...

CVE-2006-1866

Multiple unspecified vulnerabilities in Oracle Database Server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and other versions have unknown impact and attack vectors in the 1 Advanced Replication component, as identified by Vuln DB01, and 2 Oracle Spatial component, as identified by Vuln DB10. NOTE:...

CVE-2006-1870

Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.2 has unknown impact and attack vectors in the Export component, aka Vuln DB05. NOTE: details are unavailable from Oracle, but as of 20060427, they have not publicly commented on whether DB05 is th...

CVE-2006-1869

CVE-2006-1869: Unspecified vulnerability in Oracle Database Server versions 8.1.7.4 and 9.0.1.5 affects the Dictionary component (DB04). The initial description notes unknown impact and attack vectors; connected documents corroborate that this vulnerability is associated with Oracle’s Dictionary,...

CVE-2006-1874

Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, and 9.2.0.6 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln DB09. NOTE: Oracle has not disputed reliable claims that this issue is SQL injection in MDSYS.PRVTIDX using the 1 EXECUTEINSERT, 2...

CVE-2006-1876

Unspecified vulnerability in Oracle Database Server 9.2.0.7 and 10.1.0.4 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln DB12. NOTE: details are unavailable from Oracle, but as of 20060421, they have not publicly disputed a claim by a reliable independent researche...

Oracle Order Capture vulnerability

Overview An unspecified vulnerability in Oracle Order Capture may allow a remote, unauthenticated attacker to compromise system confidentiality. Description Oracle Order Capture contains a vulnerability. The details of this vulnerability are not clear. However, Oracle states this issue can allow ...

[Full-disclosure] SQL Injection in package SYS.DBMS_LOGMNR_SESSION

Name SQL Injection in package SYS.DBMSLOGMNRSESSION Systems Affected Oracle Database Severity Medium Risk Category SQL Injection DB06 Vendor URL http://www.oracle.com/ Author Alexander Kornbrust ak at red-database-security.com Advisory 18 April 2006 V 1.00 Oracle Bugid 6980723 Details The package...

Oracle Reporting Framework vulnerability

Overview An unspecified vulnerability in the Oracle Reporting Framework may allow a remote, unauthenticated attacker to compromise system confidentiality and integrity. Description Oracle Reporting Framework contains a vulnerability.The details of this vulnerability are not clear. However, Oracle...

Buffer overflow

Oracle Database 9.2.0.0 to 10.2.0.3 allows local users with "SELECT" privileges for a base table to insert, update, or delete data by creating a crafted view then performing the operations on that view...

CVE-2006-1705

Oracle Database 9.2.0.0 to 10.2.0.3 allows local users with "SELECT" privileges for a base table to insert, update, or delete data by creating a crafted view then performing the operations on that view...

Sql injection

SQL injection vulnerability in the SYS.DBMSMETADATAUTIL package in Oracle Database 10g, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being...

Buffer overflow

Oracle Database 8i, 9i, and 10g allow remote authenticated users to execute arbitrary SQL statements in the context of the SYS user and bypass audit logging, including statements to create new privileged database accounts, via a modified AUTHALTERSESSION attribute in the authentication phase of t...

Sql injection

SQL injection vulnerability in the Oracle Text component of Oracle Database 10g, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created...

Sql injection

SQL injection vulnerability in the Data Pump Metadata API in Oracle Database 10g and possibly earlier might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it...

CVE-2006-0551

SQL injection vulnerability in the Data Pump Metadata API in Oracle Database 10g and possibly earlier might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it...

CVE-2006-0548

SQL injection vulnerability in the Oracle Text component of Oracle Database 10g, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created...

CVE-2006-0549

SQL injection vulnerability in the SYS.DBMSMETADATAUTIL package in Oracle Database 10g, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being...