Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-2505: Oracle Database Server vulnerability

5 documents, 4 sources
Severity: 3.6 LOW (NVD)
EPSS: 1.8% (top 17.39%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: May 22
Latest update: May 1

Description

Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via a reference to a malicious package in the TYPE_NAME argument in the (1) GET_DOMAIN_INDEX_TABLES or (2) GET_V2_DOMAIN_INDEX_TABLES function in the DBMS_EXPORT_EXTENSION package.

CVSS vector

AV:L/AC:L/C:N/I:P/A:P
Exploitability: 3.9 | Impact: 4.9

Affected Packages (1 package)

NVD: oracle/database_server release_2

🔴 Vulnerability Details (2)

GHSA
GHSA-475x-r72w-8xq4: Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via a reference to a malicious package in the TYPE_NAME argum (2022-05-01)
CVEList
CVE-2006-2505: Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via a reference to a malicious package in the TYPE_NAME argum (2006-05-22)

💥 Exploits & PoCs (2)

Exploit-DB
Oracle 9i/10g - DBMS_EXPORT_EXTENSION SQL Injection (2007-02-05)
Exploit-DB
Oracle 10g Release 2 - 'DBMS_EXPORT_EXTENSION' SQL (2006-04-26)
CVE-2006-2505 — Oracle Database Server vulnerability | cvebase