Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL network
low complexity
oracle
nessus
Published: 2006-02-04
Updated: 2017-07-20
Summary
SQL injection vulnerability in the Oracle Text component of Oracle Database 10g, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that this issue has been addressed by Oracle. It is possible that this is the same issue as Oracle Vuln# DB15 from the January 2006 CPU, in which case this would be subsumed by CVE-2006-0260.
Vulnerable Configurations
Part | Description | Count |
Application | Oracle | 1 |
Nessus
NASL family | Databases |
NASL id | ORACLE_RDBMS_CPU_JAN_2006.NASL |
description | The remote Oracle database server is missing the January 2006 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components : - Advanced Queuing - Change Data Capture - Connection Manager - Data Pump - Data Pump Metadata API - Dictionary - Java Net - Net Foundation Layer - Net Listener - Network Communications (RPC) - Oracle HTTP Server - Oracle Label Security - Oracle Text - Oracle Workflow Cartridge - Program Interface Network - Protocol Support - Query Optimizer - Reorganize Objects & Convert Tablespace - Security - Streams Apply - Streams Capture - Streams Subcomponent - TDE Wallet - Upgrade & Downgrade - XML Database |
last seen | 2020-06-02 |
modified | 2011-11-16 |
plugin id | 56051 |
published | 2011-11-16 |
reporter | This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/56051 |
title | Oracle Database Multiple Vulnerabilities (January 2006 CPU) |