Description
The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE JOB privileges to gain additional privileges by changing SESSION_USER to the SYS user.
Remediation
References
Related Vulnerabilities
MySQL CVE-2018-2766 Vulnerability (CVE-2018-2766)
Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-3546)
WordPress Plugin Media Search Enhanced SQL Injection (0.6.0)
WordPress Plugin Store Locator for WordPress with Google Maps-LotsOfLocales SQL Injection (3.11)
Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4431)