Описание
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) the Advanced Queuing component and sys.dbms_aqsys.dbms_aq privileges (DB01), (2) Advanced Replication and sys.dbms_repcat_untrusted (DB07), and (3) Oracle Text and ctxload (DB15). NOTE: Oracle has not publicly claims by reliable researchers that DB01 is for SQL injection in the SYS.DBMS_AQ_INV package, and DB07 is for a buffer overflow in the UNREGISTER_SNAPSHOT procedure in the DBMS_REPCAT_UNTRUSTED package.
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) the Advanced Queuing component and sys.dbms_aqsys.dbms_aq privileges (DB01), (2) Advanced Replication and sys.dbms_repcat_untrusted (DB07), and (3) Oracle Text and ctxload (DB15). NOTE: Oracle has not publicly claims by reliable researchers that DB01 is for SQL injection in the SYS.DBMS_AQ_INV package, and DB07 is for a buffer overflow in the UNREGISTER_SNAPSHOT procedure in the DBMS_REPCAT_UNTRUSTED package.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2007-0268
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31541
- http://osvdb.org/32907
- http://osvdb.org/32913
- http://osvdb.org/32921
- http://secunia.com/advisories/23794
- http://securitytracker.com/id?1017522
- http://www.kb.cert.org/vuls/id/221788
- http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html
- http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html
- http://www.securityfocus.com/archive/1/458005/100/0/threaded
- http://www.securityfocus.com/archive/1/458475/100/100/threaded
- http://www.securityfocus.com/bid/22083
- http://www.us-cert.gov/cas/techalerts/TA07-017A.html
EPSS
CVE ID
Связанные уязвимости
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) the Advanced Queuing component and sys.dbms_aqsys.dbms_aq privileges (DB01), (2) Advanced Replication and sys.dbms_repcat_untrusted (DB07), and (3) Oracle Text and ctxload (DB15). NOTE: Oracle has not publicly claims by reliable researchers that DB01 is for SQL injection in the SYS.DBMS_AQ_INV package, and DB07 is for a buffer overflow in the UNREGISTER_SNAPSHOT procedure in the DBMS_REPCAT_UNTRUSTED package.
EPSS