Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-3698 — SQL Injection in Oracle Database Server

6 documents4 sources

Severity

10.0CRITICALNVD

EPSS

25.9%

top 3.73%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Oracle Database Server

Timeline

PublishedJul 21

Latest updateMay 1

Description

Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB01 for Change Data Capture (CDC) component and (2) DB03 for Data Pump Metadata API. NOTE: as of 20060719, Oracle has not disputed a claim by a reliable researcher that DB01 is related to multiple SQL injection vulnerabilities in SYS.DBMS_CDC_IMPDP using the (a) IMPORT_CHANGE_SET, (b) IMPORT_CHANGE_TABLE, (c) IMPORT_CHANGE_COLUMN, (d) IMPORT_SUBSCRIBER, (e) IMPORT_SUBSCR…

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDoracle/database_server10.1.0.5

Patches

Patch: www.red-database-security.com ↗Patch: www.securityfocus.com ↗Patch: www.red-database-security.com ↗

🔴Vulnerability Details

GHSA

GHSA-c6w7-255v-jjv3: Multiple unspecified vulnerabilities in Oracle Database 10↗2022-05-01

▶

CVEList

CVE-2006-3698: Multiple unspecified vulnerabilities in Oracle Database 10↗2006-07-19

▶

💥Exploits & PoCs

Exploit-DB

Oracle 10g - KUPW$WORKER.MAIN SQL Injection (2)↗2007-02-26

▶

Exploit-DB

Oracle 10g - KUPW$WORKER.MAIN Grant/Revoke dba Permission↗2007-02-22

▶

Exploit-DB

Oracle 10g - SYS.KUPW$WORKER.MAIN PL / SQL Injection↗2007-01-23

▶