Oracle Application Server Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2006-0586
Multiple SQL injection vulnerabilities in Oracle 10g Release 1 before CPU Jan 2006 allow remote attackers to execute arbitrary SQL commands via multiple parameters in the (1) ATTACH_JOB, (2) HAS_PRIVS, and (3) OPEN_JOB functions in the SYS.KUPVFT package; and the (4) UPDATE_JOB, (5) ACTIVE_JOB, (6) ATTACH_POSSIBLE, (7) ATTACH_TO_JOB, (8) CREATE_NEW_JOB, (9) DELETE_JOB, (10) DELETE_MASTER_TABLE, (11) DETACH_JOB, (12) GET_JOB_INFO, (13) GET_JOB_QUEUES, (14) GET_SOLE_JOBNAME, (15) MASTER_TBL_LOCK, and (16) VALID_HANDLE functions in the SYS.KUPVFT_INT package. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that these issues have been addressed by Oracle. It is unclear which, if any, Oracle Vuln identifiers apply to these issues.