Vulnerabilities > CVE-2006-2505 - SQL Injection vulnerability in Oracle Database Server Release2

047910
CVSS 3.6 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
PARTIAL
local
low complexity
oracle
exploit available
NVD
Published: 2006-05-22
Updated: 2018-10-18

Summary

Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via a reference to a malicious package in the TYPE_NAME argument in the (1) GET_DOMAIN_INDEX_TABLES or (2) GET_V2_DOMAIN_INDEX_TABLES function in the DBMS_EXPORT_EXTENSION package.

Vulnerable Configurations

Part Description Count
Application
Oracle
1

Exploit-Db

  • descriptionOracle <= 10g Release 2 (DBMS_EXPORT_EXTENSION) Local SQL Exploit. CVE-2006-2081,CVE-2006-2505. Local exploits for multiple platform
    idEDB-ID:1719
    last seen2016-01-31
    modified2006-04-26
    published2006-04-26
    reporterN1V1Hd
    sourcehttps://www.exploit-db.com/download/1719/
    titleOracle <= 10g Release 2 DBMS_EXPORT_EXTENSION Local SQL Exploit
  • descriptionOracle 9i/10g DBMS_EXPORT_EXTENSION SQL Injection Exploit. CVE-2006-2081,CVE-2006-2505. Remote exploits for multiple platform
    idEDB-ID:3269
    last seen2016-01-31
    modified2007-02-05
    published2007-02-05
    reporterbunker
    sourcehttps://www.exploit-db.com/download/3269/
    titleOracle 9i/10g DBMS_EXPORT_EXTENSION SQL Injection Exploit

References