Oracle Database Server Vulnerability - CVE-2006-0271
Unspecified vulnerability in the Upgrade amp Downgrade component of Oracle Database server 8.1.7.4 9.0.1.5 9.2.0.7 and 10.1.0.4 has unspecified impact and attack vectors as identified by Oracle Vuln DB28. NOTE: details are unavailable from Oracle but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the DBMS_REGISTRY package in certain parameters to the (1) IS_COMPONENT (2) GET_COMP_OPTION (3) DISABLE_DDL_TRIGGERS (4) SCRIPT_EXISTS (5) COMP_PATH (6) GATHER_STATS (7) NOTHING_SCRIPT and (8) VALIDATE_COMPONENTS functions.