4 matches found
EUVD-2006-0267
Malware in sbrugna...
Oracle Database Server SYS.DBMS_METADATA_UTIL Package SQL Injection (CVE-2006-0260)
Oracle Database Server is an enterprise-level relational database application suite. To extend the functionality of the Oracle Database Server, extra packages of related program objects, i.e. procedures, functions, variables, constants, cursors, and exceptions, are provided in order to better...
Sql injection
SQL injection vulnerability in the SYS.DBMSMETADATAUTIL package in Oracle Database 10g, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being...
Oracle Database SYS.DBMS_METADATA_UTIL package SQL injection vulnerability
Overview Oracle Database SYS.DBMSMETADATAUTIL package vulnerable to SQL injection. Description The Oracle Database SYS.DBMSMETADATAUTIL package fails to properly filter user-supplied input. This may allow a remote attacker to insert arbitrary SQL commands, which may be executed by the database. W...