Oracle Database Server MDSYS.SDO_LRS Package SQL Injection (CVE-2006-5340)

Oracle Database Server is an enterprise-level relational database application suite. To extend the functionality of the Oracle Database Server, extra packages of related program objects, i.e. procedures, functions, variables, constants, cursors, and exceptions, are provided in order to better...

SQL Injection in Oracle package MDSYS.SDO_LRS

Name SQL Injection in package MDSYS.SDOLRS 7569081 DB13 Systems Affected Oracle 9i Rel. 2 Severity High Risk Category SQL Injection Vendor URL http://www.oracle.com/ Author Alexander Kornbrust ak at red-database-security.com Advisory 18 October 2006 V 1.00 Advisory...

Oracle MDSYS.SDO_LRS package vulnerable to PL/SQL injection

Overview The Oracle MDSYS.SDOLRS package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Description The Oracle MDSYS.SDOLRS package is vulnerable to PL/SQL injection...

CVE-2006-5340

Oracle Database Spatial component vulnerabilities (CVE-2006-5340) affect multiple releases (8.1.7.4, 9.0.1.5, 9.2.0.8, 10.1.0.5, 10.2.0.2). The issue is linked to the MDSYS.SDO_LRS package, specifically the convert_to_lrs_layer function, and to a vulnerability elsewhere in the Spatial stack (DB17...