CVE-2006-1874

Severity

75%

Complexity

99%

Confidentiality

106%

Apply patches.

Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, and 9.2.0.6 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB09. NOTE: Oracle has not disputed reliable claims that this issue is SQL injection in MDSYS.PRVT_IDX using the (1) EXECUTE_INSERT, (2) EXECUTE_DELETE, (3) EXECUTE_UPDATE, (4) EXECUTE UPDATE, and (5) CRT_DUMMY functions.

Apply patches.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

オラクル データベースサーバ

First reported 18 years ago

2006-04-20 10:02:00

Last updated 6 years ago

2018-10-18 16:37:00

Affected Software

Oracle Database Server 8.1.7.4

8.1.7.4

オラクル データベースサーバ 9.0.1.5

9.0.1.5

Oracle Database Server 9.2.0.6

9.2.0.6

References

19712

Vendor Advisory

19859

Vendor Advisory

1015961

http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html

http://www.red-database-security.com/advisory/oracle_cpu_apr_2006.html

SSRT061148

17590

Exploit

ADV-2006-1397

Vendor Advisory

ADV-2006-1571

Vendor Advisory

oracle-prvtidx-sql-injection(26053)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.