[Forgot Password]
Login  Register Subscribe

23631

 
 

115084

 
 

97147

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2007-2113

Date: (C)2007-04-18   (M)2016-04-05 


SQL injection vulnerability in the Upgrade/Downgrade component (DBMS_UPGRADE_INTERNAL) for Oracle Database 10.1.0.5 allows remote authenticated users to execute arbitrary SQL commands via unknown vectors, aka DB07. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB07 is actually for multiple issues.

CVSS Score: 7.5Access Vector: NETWORK
Exploit Score: 10.0Access Complexity: LOW
Impact Score: 6.4Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL





Reference:
SECTRACK-1017927
http://www.securityfocus.com/archive/1/archive/1/466153/100/0/threaded
BID-23532
ADV-2007-1426
SSRT061201
TA07-108A
http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf
http://www.ngssoftware.com/research/papers/NGSSoftware-OracleCPUAPR2007.pdf
http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html
http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html
http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_upgrade_internal.html

CPE    1
cpe:/a:oracle:database_server:10.1.0.5
CWE    1
CWE-89

© 2013 SecPod Technologies