4 matches found
Oracle DB SQL Injection Via SYS.DBMS_CDC_PUBLISH.CREATE_CHANGE_SET
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle DB SQL Injection via SYS.DBMSCDCPUBLISH.CREATECHANGESET', 'Description' = %q The module exploits an sql injection flaw in the...
CVE-2010-2415
creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/sqli/oracle/dbmscdcpublish3.rb 2025-02-06 03:13:39+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23 04:08:48+00:00| seen|...
Oracle数据库CREATE_CHANGE_SET过程SQL注入漏洞
BUGTRAQ ID: 43956 CVE ID: CVE-2010-2415 Oracle是大型的商业数据库系统。 Oracle数据库的Change Data Capture组件中提供了一个DBMSCDCPUBLISH PL/SQL软件包,该软件包的CREATECHANGESET过程中存在SQL注入漏洞。恶意用户可以以特殊参数调用有漏洞的过程,导致以SYS用户的权限执行SQL语句。 利用这个漏洞要求拥有对SYS.DBMSCDCPUBLISH软件包的EXECUTE权限。默认下给予了EXECUTECATALOGROLE角色的用户拥有这个权限。 Oracle Database 11.2.0....
Oracle DB SQL Injection via SYS.DBMS_CDC_PUBLISH.CREATE_CHANGE_SET
The module exploits an sql injection flaw in the CREATECHANGESET procedure of the PL/SQL package DBMSCDCPUBLISH. Any user with execute privilege on the vulnerable package can exploit this vulnerability. By default, users granted EXECUTECATALOGROLE have the required privilege. This module requires...