2 matches found
Oracle Database Server SQL Injection In Package SYS.KUPV (CVE-2006-0586)
Oracle Database Server is an enterprise-level relational database application suite. To extend the functionality of the Oracle Database Server, extra packages of related program objects, i.e. procedures, functions, variables, constants, cursors, and exceptions, are provided in order to better...
CVE-2006-0586
CVE-2006-0586 involves multiple SQL injection vulnerabilities in Oracle 10g Release 1 before the January 2006 CPU. The issues arise in the database server’s server-side packages SYS.KUPV$FT and SYS.KUPV$FT_INT, where insufficient sanitization of user-provided data allows remote attackers to execu...