CVE-2006-0257SQL Injection in Oracle Database Server

4 documents4 sources
Severity
10.0CRITICALNVD
EPSS
1.2%
top 20.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Oracle Database Server
Timeline
PublishedJan 18
Latest updateMay 1

Description

Unspecified vulnerability in the Change Data Capture component of Oracle Database server 9.2.0.7, 10.1.0.5, and 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB02. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the CDC_ALLOCATE_LOCK function of the DBMS_CDC_UTILITY package.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDoracle/database_server10.1.0.5, 10.2.0.1, 9.2.0.7+2

Patches

Patch: securitytracker.comPatch: securitytracker.com

🔴Vulnerability Details

2
GHSA
GHSA-h9cg-xhj3-mjmj: Unspecified vulnerability in the Change Data Capture component of Oracle Database server 92022-05-01
CVEList
CVE-2006-0257: Unspecified vulnerability in the Change Data Capture component of Oracle Database server 92006-01-18

💬Community

1
Bugzilla
CVE-2006-0323 RealPlayer SWF file buffer overflow2006-03-03
CVE-2006-0257 — SQL Injection in Oracle Database Server | cvebase