CVE-2006-1866 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-1866
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-1866

Description: Multiple unspecified vulnerabilities in Oracle Database Server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and other versions have unknown impact and attack vectors in the (1) Advanced Replication component, as identified by Vuln# DB01, and (2) Oracle Spatial component, as identified by Vuln# DB10. NOTE: details are unavailable from Oracle, but as of 20060421, they have not publicly disputed a claim by a reliable independent researcher that states that DB01 is an unknown issue in the DBMS_REPUTIL package, and DB10 is SQL injection in the INSERT_CATALOG, UPDATE_CATALOG, and DELETE_CATALOG functions of the SDO_CATALOG package.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/26050 http://xforce.iss.net/xforce/xfdb/26054 ST 1015961 SAID Secunia Advisory: SA19712 Secunia Advisory: SA19859 MISC http://www.red-database-security.com/advisory/oracle_cpu_apr_2006.html HP http://www.securityfocus.com/archive/1/archive/1/432267/100/0/threaded CONFIRM http://www.oracle.com/technology/deploy/security/pdf/cpuapr2006.html CERT-VN 139049 CERT http://www.us-cert.gov/cas/techalerts/TA06-109A.html BID 17590

Return to the previous page.