Computer Security
[EN] securityvulns.ru



CVE: CVE-2005-4832
Status: Candidate
Description: SQL injection vulnerability in the Oracle Database Server 10g allows remote authenticated users to execute arbitrary SQL commands with elevated privileges via the SUBSCRIPTION_NAME parameter in the (1) SYS.DBMS_CDC_SUBSCRIBE and (2) SYS.DBMS_CDC_ISUBSCRIBE packages, a different vector than CVE-2005-1197.
Phase: Assigned (03.03.2007)
NVD: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-4832
References:
 BID : 13236
 BUGTRAQ : 20050418 [AppSecInc Team SHATTER Security Advisory] Multiple SQL Injection vulnerabilities in DBMS_CDC_SUBSCRIBE and DBMS_CDC_ISUBSCRIBE packages
 BUGTRAQ : 20050711 Re: Problems with the Oracle Critical Patch Update for April 2005
 CONFIRM : http://www.oracle.com/technology/deploy/security/p...
 MISC : http://www.appsecinc.com/resources/alerts/oracle/2...
 MISC : http://www.argeniss.com/research/OraDBMS_CDC_SUBSC...
 MISC : http://www.argeniss.com/research/OraDBMS_CDC_SUBSC...
 XF : oracle-subscriptionname-sql-injection(20159)
SecurityVulns: Multiple Oracle application server vulnerabilities

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


