CVE-2006-0260
Multiple unspecified vulnerabilities in Oracle Database server 9.2.0.7 and 10.1.0.5 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB05 in the (a) Data Pump component; (2) DB15 in the (b) Oracle Text component; (3) DB22 in the (c) Streams Apply component; (4) DB23 and (5) DB24 in the (d) Streams Capture component; and (6) DB26 in the (e) Streams Subcomponent. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that DB05 involves SQL injection in the (f) LONG2VARCHAR, LONG2VCMAX, LONG2VCNT, and LONG2CLOB functions in the DBMS_METADATA_UTIL package; (g) MAKE_FILTER, FETCH_VIEWS_ERROR, FETCH_FILTERS, FETCH_VIEWS, SET_FILTER_COMMON, DO_FILTER_SCRIPT, SET_TABLE_FILTERS, and MAKE_FILTER_TEXT functions in the DBMS_METADATA_INT package; and (h) GET_PREPOST_TABLE_ACT function in the DBMS_METADATA package.
EPSS 1.35% · 80.5th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| oracle | database_server | 9.2.0.7, 10.1.0.5 |
| n/a | n/a | n/a |
Timeline
- Jan 18, 2006 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- oracle-january2006-update(24321) vdb
- 18493 third-party-advisory
- 22637 vdb
- ADV-2006-0323 vdb
- 16287 vdb
- VU#545804 third-party-advisory
- 1015499 vdb
- ADV-2006-0243 vdb
- 22543 vdb
- http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html url
- 18608 third-party-advisory
- 22643 vdb
- https://nvd.nist.gov/vuln/detail/CVE-2006-0260 advisory