Vulnerabilities > CVE-2006-2505 - SQL Injection vulnerability in Oracle Database Server Release2

047910
CVSS 3.6 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
PARTIAL
local
low complexity
oracle
exploit available

Summary

Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via a reference to a malicious package in the TYPE_NAME argument in the (1) GET_DOMAIN_INDEX_TABLES or (2) GET_V2_DOMAIN_INDEX_TABLES function in the DBMS_EXPORT_EXTENSION package.

Vulnerable Configurations

Part Description Count
Application
Oracle
1

Exploit-Db

  • descriptionOracle <= 10g Release 2 (DBMS_EXPORT_EXTENSION) Local SQL Exploit. CVE-2006-2081,CVE-2006-2505. Local exploits for multiple platform
    idEDB-ID:1719
    last seen2016-01-31
    modified2006-04-26
    published2006-04-26
    reporterN1V1Hd
    sourcehttps://www.exploit-db.com/download/1719/
    titleOracle <= 10g Release 2 DBMS_EXPORT_EXTENSION Local SQL Exploit
  • descriptionOracle 9i/10g DBMS_EXPORT_EXTENSION SQL Injection Exploit. CVE-2006-2081,CVE-2006-2505. Remote exploits for multiple platform
    idEDB-ID:3269
    last seen2016-01-31
    modified2007-02-05
    published2007-02-05
    reporterbunker
    sourcehttps://www.exploit-db.com/download/3269/
    titleOracle 9i/10g DBMS_EXPORT_EXTENSION SQL Injection Exploit