Lucene search
K

4 matches found

Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.142 views

Oracle DB SQL Injection Via SYS.DBMS_CDC_PUBLISH.CREATE_CHANGE_SET

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle DB SQL Injection via SYS.DBMSCDCPUBLISH.CREATECHANGESET', 'Description' = %q The module exploits an sql injection flaw in the...

4.9CVSS7AI score0.09736EPSS
Exploits3
Circl
Circl
added 2018/05/29 3:50 p.m.13 views

CVE-2010-2415

creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/sqli/oracle/dbmscdcpublish3.rb 2025-02-06 03:13:39+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23 04:08:48+00:00| seen|...

4.9CVSS5.9AI score0.09736EPSS
Exploits3References1
seebug.org
seebug.org
added 2010/10/26 12:0 a.m.45 views

Oracle数据库CREATE_CHANGE_SET过程SQL注入漏洞

BUGTRAQ ID: 43956 CVE ID: CVE-2010-2415 Oracle是大型的商业数据库系统。 Oracle数据库的Change Data Capture组件中提供了一个DBMSCDCPUBLISH PL/SQL软件包,该软件包的CREATECHANGESET过程中存在SQL注入漏洞。恶意用户可以以特殊参数调用有漏洞的过程,导致以SYS用户的权限执行SQL语句。 利用这个漏洞要求拥有对SYS.DBMSCDCPUBLISH软件包的EXECUTE权限。默认下给予了EXECUTECATALOGROLE角色的用户拥有这个权限。 Oracle Database 11.2.0....

4.9CVSS6.4AI score0.09736EPSS
Exploits3
Metasploit
Metasploit
added 2010/10/15 12:20 a.m.29 views

Oracle DB SQL Injection via SYS.DBMS_CDC_PUBLISH.CREATE_CHANGE_SET

The module exploits an sql injection flaw in the CREATECHANGESET procedure of the PL/SQL package DBMSCDCPUBLISH. Any user with execute privilege on the vulnerable package can exploit this vulnerability. By default, users granted EXECUTECATALOGROLE have the required privilege. This module requires...

4.9CVSS0.4AI score0.09736EPSS
Exploits3
Rows per page
Query Builder