CVE-2005-1197
published 2005-05-02CVE-2005-1197: SQL injection vulnerability in the SYS.DBMS_CDC_IPUBLISH.CREATE_SCN_CHANGE_SET procedure in Oracle Database Server 10g allows remote attackers to execute…
high7.5CVSS 3.1
AVNACLAuNCPIPAP
SQL injection vulnerability in the SYS.DBMS_CDC_IPUBLISH.CREATE_SCN_CHANGE_SET procedure in Oracle Database Server 10g allows remote attackers to execute arbitrary SQL commands via the CHANGE_SET_NAME parameter.
Affected
31 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oracle | database_server | — | — |
| oracle | database_server | — | — |
| oracle | database_server | — | — |
| oracle | database_server | — | — |
| oracle | oracle10g | — | — |
| oracle | oracle10g | — | — |
| oracle | oracle10g | — | — |
| oracle | oracle10g | — | — |
| oracle | oracle10g | — | — |
| oracle | oracle10g | — | — |
| oracle | oracle10g | — | — |
| oracle | oracle10g | — | — |
| oracle | oracle10g | — | — |
| oracle | oracle10g | — | — |
| oracle | oracle10g | — | — |
| oracle | oracle10g | — | — |
| oracle | oracle10g | — | — |
| oracle | oracle10g | — | — |
| oracle | oracle10g | — | — |
| oracle | oracle10g | — | — |
| oracle | oracle10g | — | — |
| oracle | oracle10g | — | — |
| oracle | oracle10g | — | — |
| oracle | oracle10g | — | — |
| oracle | oracle10g | — | — |
GHSA
GHSA-cx2w-jvrm-6q8q: SQL injection vulnerability in the SYS
ghsa_unreviewed·2022-05-01
CVE-2005-1197 [HIGH] GHSA-cx2w-jvrm-6q8q: SQL injection vulnerability in the SYS
SQL injection vulnerability in the SYS.DBMS_CDC_IPUBLISH.CREATE_SCN_CHANGE_SET procedure in Oracle Database Server 10g allows remote attackers to execute arbitrary SQL commands via the CHANGE_SET_NAME parameter.
GHSA
GHSA-hchr-g8fg-g2r7: SQL injection vulnerability in the Oracle Database Server 10g allows remote authenticated users to execute arbitrary SQL commands with elevated privil
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2005-4832 [HIGH] GHSA-hchr-g8fg-g2r7: SQL injection vulnerability in the Oracle Database Server 10g allows remote authenticated users to execute arbitrary SQL commands with elevated privil
SQL injection vulnerability in the Oracle Database Server 10g allows remote authenticated users to execute arbitrary SQL commands with elevated privileges via the SUBSCRIPTION_NAME parameter in the (1) SYS.DBMS_CDC_SUBSCRIBE and (2) SYS.DBMS_CDC_ISUBSCRIBE packages, a different vector than CVE-2005-1197.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=111385690419118&w=2http://www.kb.cert.org/vuls/id/948486http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdfhttp://www.us-cert.gov/cas/techalerts/TA05-117A.htmlhttp://marc.info/?l=bugtraq&m=111385690419118&w=2http://www.kb.cert.org/vuls/id/948486http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdfhttp://www.us-cert.gov/cas/techalerts/TA05-117A.html
2005-05-02
Published