Description

Unspecified vulnerability in the Change Data Capture component of Oracle Database server 9.2.0.7, 10.1.0.5, and 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB02. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the CDC_ALLOCATE_LOCK function of the DBMS_CDC_UTILITY package.

Remediation

References

CVE-2006-0257

Related Vulnerabilities

WordPress Plugin aoringo LOG maker Cross-Site Scripting (0.1.3)

WordPress Plugin WP24 Domain Check Cross-Site Scripting (1.6.2)

WordPress Plugin Payment Gateways Caller for WP e-Commerce Local File Inclusion (0.1)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-3665)

ATutor Other Vulnerability (CVE-2014-9752)

Severity

Critical

Classification

CVE-2006-0257

Tags

Missing Update Known Vulnerabilities