Published: 04/02/2006 Updated: 20/07/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

SQL injection vulnerability in the Data Pump Metadata API in Oracle Database 10g and possibly earlier might allow remote malicious users to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that this issue has been addressed by Oracle. It is possible that this is the same issue as Oracle Vuln# DB06 from the January 2006 CPU, in which case this would be subsumed by CVE-2006-0259 or, if it is DB05, subsumed by CVE-2006-0260.

Vulnerable Product	Search on Vulmon	Subscribe to Product
oracle database server 10.1.0.5
oracle database server 10.2.0.1
oracle database server 10.1.0.3
oracle database server 10.1.0.4

NVD-CWE-Other http://www.integrigy.com/info/IntegrigySecurityAnalysis-CPU0106.pdf http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html http://www.us-cert.gov/cas/techalerts/TA06-018A.html http://www.kb.cert.org/vuls/id/983340 https://exchange.xforce.ibmcloud.com/vulnerabilities/24321 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2006-0551

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect