CVE-2006-0265 — Oracle Database Server vulnerability

7 documents4 sources

Severity

10.0CRITICALNVD

NVD7.5

EPSS

2.8%

top 13.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Database Server

Timeline

PublishedJan 18

Latest updateMay 1

Description

Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.1 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB17 in the Oracle Text component and (2) DB18 in the Program Interface Network component. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that DB17 involves SQL injection in the (a) VALIDATE_STATEMENT and BUILD_DML funct…

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDoracle/database_server8 versions+7

Patches

Patch: secunia.com ↗Patch: securitytracker.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-6cwf-mhf4-8884: Multiple unspecified vulnerabilities in Oracle Database server 8↗2022-05-01

▶

GHSA

GHSA-559x-r5hp-v76r: Oracle Database 8i, 9i, and 10g allow remote authenticated users to execute arbitrary SQL statements in the context of the SYS user and bypass audit l↗2022-05-01

▶

CVEList

CVE-2006-0547: Oracle Database 8i, 9i, and 10g allow remote authenticated users to execute arbitrary SQL statements in the context of the SYS user and bypass audit l↗2006-02-04

▶

CVEList

CVE-2006-0265: Multiple unspecified vulnerabilities in Oracle Database server 8↗2006-01-18

▶

📐Framework References

OWASP

Testing for Oracle↗

▶