Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:14807
HistoryOct 26, 2006 - 12:00 a.m.

SQL Injection in package SYS.DBMS_CDC_IMPDP

2006-10-2600:00:00
vulners.com
4
JSON

Name SQL Injection in package SYS.DBMS_CDC_IMPDP [DB04]
Systems Affected Oracle 10g
Severity High Risk
Category SQL Injection
Vendor URL http://www.oracle.com/
Author Alexander Kornbrust (ak at red-database-security.com)
Advisory 18 October 2006 (V 1.00)
Advisory http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_
cdc_impdp2.html

Details
#######
The package SYS.DBMS_CDC_IMPDP contains SQL injection vulnerabilities. Oracle fixed this by using dbms_assert.

Patch Information
#################
Apply the patches for Oracle CPU October 2006.

History
#######
1-nov-2005 Oracle secalert was informed .
18-oct-2006 Oracle published CPU October 2006 [DB04]
18-oct-2006 Advisory published

Additional Information
######################
An analysis of the Oracle CPU Oct 2006 is available here http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html

JSON