| ID |
CVE-2006-5336
|
| Summary |
Multiple unspecified vulnerabilities in the Change Data Capture (CDC) component in Oracle Database 9.2.0.7, 10.1.0.5, and have unknown impact and remote authenticated attack vectors related to (1) sys.dbms_cdc_ipublish (Vuln# DB05) and (2) sys.dbms_cdc_isubscribe (DB06). NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB05 is for SQL injection in CREATE_CHANGE_TABLE and CHANGE_TABLE_TRIGGER, and DB06 is for PL/SQL injection in the PREPARE_UNBOUNDED_VIEW procedure. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:oracle:database_server:9.2.0.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:database_server:9.2.0.7:*:*:*:*:*:*:*
-
cpe:2.3:a:oracle:database_server:10.1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:database_server:10.1.0.5:*:*:*:*:*:*:*
-
cpe:2.3:a:oracle:database_server:10.2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:database_server:10.2.0.2:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 9.0 (as of 17-10-2018 - 21:42) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-noinfo |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
SINGLE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:S/C:C/I:C/A:C
|
| refmap
via4
|
|
| saint
via4
|
| bid | 20588 | | description | Oracle Spatial component SDO_CS.TRANSFORM_LAYER buffer overflow | | id | database_oracle_version | | osvdb | 31462 | | title | oracle_spatial_transform_layer | | type | remote |
|
| Last major update |
17-10-2018 - 21:42 |
| Published |
18-10-2006 - 01:07 |
| Last modified |
17-10-2018 - 21:42 |
