CVE-2006-2505

Oracle Database Server 10g Release 2 - SQL Injection

Title source: llm

Description

Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via a reference to a malicious package in the TYPE_NAME argument in the (1) GET_DOMAIN_INDEX_TABLES or (2) GET_V2_DOMAIN_INDEX_TABLES function in the DBMS_EXPORT_EXTENSION package.

Exploits (2)

exploitdb WORKING POC VERIFIED

by bunker · perlremotemultiple

https://www.exploit-db.com/exploits/3269

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by N1V1Hd · textlocalmultiple

https://www.exploit-db.com/exploits/1719

View Code ZIP pw:eip

References (6)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/432078/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/432354/100/0/threaded

[US Government Resource] http://www.kb.cert.org/vuls/id/932124

[Exploit, Vendor Advisory] http://secunia.com/advisories/19860

[Exploit] http://www.securityfocus.com/bid/17699

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/432355/100/0/threaded

Scores

EPSS 0.0175

EPSS Percentile 82.6%

Details

Status published

Products (1)

oracle/database_server release_2

Published May 22, 2006

Tracked Since Feb 18, 2026