CVE-2010-2415

Oracle Database Server - Info Disclosure

Title source: llm

Description

Unspecified vulnerability in the Change Data Capture component in Oracle Database Server 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_CDC_PUBLISH.

Exploits (1)

metasploit WORKING POC

by MC · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/sqli/oracle/dbms_cdc_publish3.rb

View Code ZIP pw:eip

References (2)

[Vendor Advisory] http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html

[US Government Resource] http://www.us-cert.gov/cas/techalerts/TA10-287A.html

Scores

EPSS 0.3653

EPSS Percentile 97.1%

Details

Status published

Products (4)

oracle/database_server 10.1.0.5

oracle/database_server 10.2.0.4

oracle/database_server 11.1.0.7

oracle/database_server 11.2.0.1

Published Oct 14, 2010

Tracked Since Feb 18, 2026