CVE-2006-0586

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2006-0586
Multiple SQL injection vulnerabilities in Oracle 10g Release 1 before CPU Jan 2006 allow remote attackers to execute arbitrary SQL commands via multiple parameters in (1) ATTACH_JOB, (2) HAS_PRIVS, and (3) OPEN_JOB functions in the SYS.KUPV$FT package; and (4) UPDATE_JOB, (5) ACTIVE_JOB, (6) ATTACH_POSSIBLE, (7) ATTACH_TO_JOB, (8) CREATE_NEW_JOB, (9) DELETE_JOB, (10) DELETE_MASTER_TABLE, (11) DETACH_JOB, (12) GET_JOB_INFO, (13) GET_JOB_QUEUES, (14) GET_SOLE_JOBNAME, (15) MASTER_TBL_LOCK, and (16) VALID_HANDLE functions in the SYS.KUPV$FT_INT package. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that these issues has been addressed by Oracle. It is unclear which, if any, Oracle Vuln# identifiers apply to these issues.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041498.html Vendor Advisory
http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041499.html Vendor Advisory
http://www.osvdb.org/22839
http://www.osvdb.org/22840
http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html Vendor Advisory
http://www.red-database-security.com/advisory/oracle_sql_injection_kupv%24ft.html
http://www.red-database-security.com/advisory/oracle_sql_injection_kupv%24ft_int.html
http://www.securityfocus.com/archive/1/422423/30/7370/threaded
http://www.securityfocus.com/archive/1/422424/30/7370/threaded
http://www.securityfocus.com/bid/16294
https://exchange.xforce.ibmcloud.com/vulnerabilities/24195
https://exchange.xforce.ibmcloud.com/vulnerabilities/24197
http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041498.html Vendor Advisory
http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041499.html Vendor Advisory
http://www.osvdb.org/22839
http://www.osvdb.org/22840
http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html Vendor Advisory
http://www.red-database-security.com/advisory/oracle_sql_injection_kupv%24ft.html
http://www.red-database-security.com/advisory/oracle_sql_injection_kupv%24ft_int.html
http://www.securityfocus.com/archive/1/422423/30/7370/threaded
http://www.securityfocus.com/archive/1/422424/30/7370/threaded
http://www.securityfocus.com/bid/16294
https://exchange.xforce.ibmcloud.com/vulnerabilities/24195
https://exchange.xforce.ibmcloud.com/vulnerabilities/24197
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:oracle:application_server:10.1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_server:10.1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_server:10.1.0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_server:10.1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_server:10.1.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_server:10.1.2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_server:10.1.2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_server:10.1.2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle10g:personal_10.1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle10g:personal_10.1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle10g:personal_10.1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle10g:personal_10.10.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle10g:standard_10.1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle10g:standard_10.1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle10g:standard_10.1.0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle10g:standard_10.1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle10g:standard_10.1.0.4.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle10g:standard_10.1.0.5:*:*:*:*:*:*:*
History

21 Nov 2024, 00:06

Type Values Removed Values Added
References () http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041498.html - Vendor Advisory () http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041498.html - Vendor Advisory
References () http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041499.html - Vendor Advisory () http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041499.html - Vendor Advisory
References () http://www.osvdb.org/22839 - () http://www.osvdb.org/22839 -
References () http://www.osvdb.org/22840 - () http://www.osvdb.org/22840 -
References () http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html - Vendor Advisory () http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html - Vendor Advisory
References () http://www.red-database-security.com/advisory/oracle_sql_injection_kupv%24ft.html - () http://www.red-database-security.com/advisory/oracle_sql_injection_kupv%24ft.html -
References () http://www.red-database-security.com/advisory/oracle_sql_injection_kupv%24ft_int.html - () http://www.red-database-security.com/advisory/oracle_sql_injection_kupv%24ft_int.html -
References () http://www.securityfocus.com/archive/1/422423/30/7370/threaded - () http://www.securityfocus.com/archive/1/422423/30/7370/threaded -
References () http://www.securityfocus.com/archive/1/422424/30/7370/threaded - () http://www.securityfocus.com/archive/1/422424/30/7370/threaded -
References () http://www.securityfocus.com/bid/16294 - () http://www.securityfocus.com/bid/16294 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/24195 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/24195 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/24197 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/24197 -

07 Nov 2023, 01:58

Type Values Removed Values Added
References
  • {'url': 'http://www.red-database-security.com/advisory/oracle_sql_injection_kupv$ft_int.html', 'name': 'http://www.red-database-security.com/advisory/oracle_sql_injection_kupv$ft_int.html', 'tags': ['Vendor Advisory'], 'refsource': 'MISC'}
  • {'url': 'http://www.red-database-security.com/advisory/oracle_sql_injection_kupv$ft.html', 'name': 'http://www.red-database-security.com/advisory/oracle_sql_injection_kupv$ft.html', 'tags': ['Vendor Advisory'], 'refsource': 'MISC'}
  • () http://www.red-database-security.com/advisory/oracle_sql_injection_kupv%24ft_int.html -
  • () http://www.red-database-security.com/advisory/oracle_sql_injection_kupv%24ft.html -
Information

Published : 2006-02-08 01:02

Updated : 2024-11-21 00:06

NVD link : CVE-2006-0586

Mitre link : CVE-2006-0586

CVE.ORG link : CVE-2006-0586

JSON object : View

Products Affected

oracle

  • oracle10g
  • application_server
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024