[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

253928

 
 

909

 
 

198006

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2006-5332Date: (C)2006-10-17   (M)2023-12-22


Unspecified vulnerability in xdb.dbms_xdbz in the XMLDB component for Oracle Database 9.2.0.6 and 10.1.0.4 has unknown impact and remote authenticated attack vectors, aka Vuln# DB01. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB01 is for PL/SQL injection in the ENABLE_HIERARCHY_INTERNAL procedure.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 9.0
Exploit Score: 8.0
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication:
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1017077
http://www.securityfocus.com/archive/1/archive/1/449110/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/449510/100/0/threaded
BID-20588
SECUNIA-22396
ADV-2006-4065
HPSBMA02133
SSRT061201
TA06-291A
VU#717140
http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf
http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html
http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html
http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_xdbz0.html

CPE    2
cpe:/a:oracle:database_server:9.2.0.6
cpe:/a:oracle:database_server:10.1.0.4

© SecPod Technologies