Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2005-4832

Published: 31/12/2005 Updated: 29/07/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 770
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Oracle10g

Vulnerability Summary

SQL injection vulnerability in the Oracle Database Server 10g allows remote authenticated users to execute arbitrary SQL commands with elevated privileges via the SUBSCRIPTION_NAME parameter in the (1) SYS.DBMS_CDC_SUBSCRIBE and (2) SYS.DBMS_CDC_ISUBSCRIBE packages, a different vector than CVE-2005-1197.

Vulnerable Product Search on Vulmon Subscribe to Product

oracle oracle10g enterprise_9.0.4_.0

oracle oracle10g personal_10.1.0.2

oracle oracle10g personal_9.0.4_.0

oracle oracle10g standard_10.1.0.2

oracle oracle10g standard_10.2.0.1

oracle oracle10g standard_10.2.3

oracle oracle10g enterprise_10.1.0.2

oracle oracle10g enterprise_10.1.0.3

oracle oracle10g personal_10.1.0.3

oracle oracle10g enterprise_10.2.3

oracle oracle10g enterprise_9.0.4.0

oracle oracle10g personal_10.2.3

oracle oracle10g personal_9.0.4.0

oracle oracle10g standard_10.1.0.5

oracle oracle10g standard_10.1_.0.2

oracle oracle10g personal_10.1.0.3.1

oracle oracle10g standard_10.1.0.3

oracle oracle10g standard_10.1.0.3.1

oracle oracle10g standard_9.0.4.0

oracle oracle10g standard_9.0.4_.0

oracle oracle10g enterprise_10.1.0.3.1

oracle oracle10g enterprise_10.1.0.4

oracle oracle10g personal_10.1.0.4

oracle oracle10g personal_10.1_.0.2

oracle oracle10g personal_10.10.3.1

oracle oracle10g standard_10.1.0.4

oracle oracle10g standard_10.1.0.4.2

Exploits

Exploit DB: Oracle 10g Database - 'SUBSCRIPTION_NAME' SQL Injection (1)
source: wwwsecurityfocuscom/bid/13236/info Oracle database is prone to an SQL-injection vulnerability because the software fails to properly sanitize user-supplied data The 'SUBSCRIPTION_NAME' parameter is vulnerable Packages that employ this parameter execute with 'SYS' user privileges Exploiting the SQL-injection vulnerability can a ...
Exploit DB: Oracle 9i/10g ACTIVATE_SUBSCRIPTION - SQL Injection (2)
#!/usr/bin/perl # # Remote Oracle DBMS_CDC_SUBSCRIBEACTIVATE_SUBSCRIPTION exploit (9i/10g) # - Version 2 - New "evil cursor injection" tip! # - No "create procedure" privileg needed! # - See: wwwdatabasesecuritycom/ (Cursor Injection) # # Grant or revoke dba permission to unprivileged user # # Tested on "Oracle Database 10g Enterprise ...
Exploit DB: Oracle 9i/10g - ACTIVATE_SUBSCRIPTION SQL Injection
#!/usr/bin/perl # # Remote Oracle DBMS_CDC_SUBSCRIBEACTIVATE_SUBSCRIPTION exploit (9i/10g) # # Grant or revoke dba permission to unprivileged user # # Tested on "Oracle Database 10g Enterprise Edition Release 101030" # # REF: wwwsecurityfocuscom/archive/1/396133 # # AUTHOR: Andrea "bunker" Purificato # rawlab ...
Exploit DB: Oracle 10g Database - 'SUBSCRIPTION_NAME' SQL Injection (2)
source: wwwsecurityfocuscom/bid/13236/info Oracle database is prone to an SQL-injection vulnerability because the software fails to properly sanitize user-supplied data The 'SUBSCRIPTION_NAME' parameter is vulnerable Packages that employ this parameter execute with 'SYS' user privileges Exploiting the SQL-injection vulnerability can ...

References

NVD-CWE-Otherhttp://www.securityfocus.com/archive/1/396133http://www.securityfocus.com/archive/1/404970http://www.appsecinc.com/resources/alerts/oracle/2005-02.htmlhttp://www.argeniss.com/research/OraDBMS_CDC_SUBSCRIBEExploit.txthttp://www.argeniss.com/research/OraDBMS_CDC_SUBSCRIBEWorkaround.sqlhttp://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdfhttp://www.securityfocus.com/bid/13236https://exchange.xforce.ibmcloud.com/vulnerabilities/20159https://nvd.nist.govhttps://www.exploit-db.com/exploits/25452/
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675CVE-2024-3400CVE-2024-23557mass assignmentCVE-2023-1389local file inclusionCVE-2024-32596file uploadCVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook