4 matches found
Oracle Database Server SYS.DBMS_METADATA_UTIL Package SQL Injection (CVE-2006-0260)
Oracle Database Server is an enterprise-level relational database application suite. To extend the functionality of the Oracle Database Server, extra packages of related program objects, i.e. procedures, functions, variables, constants, cursors, and exceptions, are provided in order to better...
Sql injection
SQL injection vulnerability in the SYS.DBMSMETADATAUTIL package in Oracle Database 10g, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being...
Sql injection
SQL injection vulnerability in the Oracle Text component of Oracle Database 10g, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created...
CVE-2006-0260
CVE-2006-0260 affects Oracle Database Server 9.2.0.7 and 10.1.0.5. The issue is described as a SQL injection vulnerability in SYS.DBMS_METADATA_UTIL (and related DBMS_METADATA packages) caused by insufficient input validation in multiple functions (e.g., LONG2VARCHAR/DBMS_METADATA_UTIL; MAKE_FILT...