CVE-2006-0259: Oracle Database Server vulnerability

9 documents, 3 sources

Severity: 10.0 CRITICAL (NVD)
NVD: 7.5
EPSS: 1.2% (top 21.07%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jan 18
Latest update: May 1

Description

Multiple unspecified vulnerabilities in Oracle Database server 10.1.0.5 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB04 and (2) DB06 in the (a) Data Pump component; (3) DB10 in the (b) Net Listener component; and (4) DB16 in the (c) Oracle Text component. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that DB06 is SQL injection in the GENERATE_JOB_NAME, GET_WORKERSTATUSLIST

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages (1 package)

NVD: oracle/database_server (4 versions, +3)

Patches

Vulnerability Details (6)

GHSA
GHSA-63c4-h6jq-3fj3: SQL injection vulnerability in the Data Pump Metadata API in Oracle Database 10g and possibly earlier might allow remote attackers to execute arbitrar (2022-05-01)
GHSA
GHSA-rmm4-fh7h-3246: Multiple unspecified vulnerabilities in Oracle Database server 10 (2022-05-01)
GHSA
GHSA-ff55-4qfm-2hmv: SQL injection vulnerability in the SYS (2022-05-01)
CVEList
CVE-2006-0549: SQL injection vulnerability in the SYS (2006-02-04)
CVEList
CVE-2006-0551: SQL injection vulnerability in the Data Pump Metadata API in Oracle Database 10g and possibly earlier might allow remote attackers to execute arbitrar (2006-02-04)
CVE-2006-0259 — Oracle Database Server vulnerability | cvebase