Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2006-0549

Published: 04/02/2006 Updated: 20/07/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 760
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Database Server

Vulnerability Summary

SQL injection vulnerability in the SYS.DBMS_METADATA_UTIL package in Oracle Database 10g, and possibly earlier versions, might allow remote malicious users to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that this issue has been addressed by Oracle. It is possible that this is the same issue as Oracle Vuln# DB05 from the January 2006 CPU, in which case this would be subsumed by CVE-2006-0260. However, there are some inconsistencies that make this unclear, and there is also a possibility that this is related to DB06, which is subsumed by CVE-2006-0259.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

oracle database server 10.1.0.5

Exploits

Exploit DB: Oracle 9i/10g DBMS_METADATA.GET_DDL - SQL Injection (2)
#!/usr/bin/perl # # Remote Oracle DBMS_METADATAGET_DDL exploit (9i/10g) # - Version 2 - New "evil cursor injection" tip! # - No "create procedure" privileg needed! # - See: wwwdatabasesecuritycom/ (Cursor Injection) # # Grant or revoke dba permission to unprivileged user # # Tested on "Oracle Database 10g Enterprise Edition Release 10 ...
Exploit DB: Oracle 9i/10g - DBMS_METADATA.GET_DDL SQL Injection
#!/usr/bin/perl # # Remote Oracle DBMS_METADATGET_DDL exploit (9i/10g) # # Grant or revoke dba permission to unprivileged user # # Tested on "Oracle Database 10g Enterprise Edition Release 101030" # # REF: wwwsecurityfocuscom/bid/16287 # # AUTHOR: Andrea "bunker" Purificato # rawlabmindcreationscom # # D ...

References

NVD-CWE-Otherhttp://www.integrigy.com/info/IntegrigySecurityAnalysis-CPU0106.pdfhttp://www.oracle.com/technology/deploy/security/pdf/cpujan2006.htmlhttp://www.red-database-security.com/advisory/oracle_cpu_jan_2006.htmlhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_metadata_util.htmlhttp://www.us-cert.gov/cas/techalerts/TA06-018A.htmlhttp://www.kb.cert.org/vuls/id/629316https://exchange.xforce.ibmcloud.com/vulnerabilities/24321https://nvd.nist.govhttps://www.exploit-db.com/exploits/3377/
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypassCVE-2024-30051remoteCVE-2024-27954CVE-2023-51483CVE-2023-47782SSRFCVE-2024-24715CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook