CyberSec.Space Logo
Back to CVE Browser

CVE-2006-3702

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1920%
EPSS Percentile29.01th
PublishedJul 21, 2006
Last ModifiedApr 16, 2026

Vulnerability Description

Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB06 in Export; (2) DB08, (3) DB09, (4) DB10, (5) DB11, (6) DB12, (7) DB13, (8) DB14, and (9) DBC01 for OCI; (10) DB16 for Query Rewrite/Summary Mgmt; (11) DB17, (12) DB18, (13) DB19, (14) DBC02, (15) DBC03, and (16) DBC04 for RPC; and (17) DB20 for Semantic Analysis. NOTE: as of 20060719, Oracle has not disputed third party claims that DB06 is related to "SQL injection" using DBMS_EXPORT_EXTENSION with a modified ODCIIndexGetMetadata routine and a call to GET_DOMAIN_INDEX_METADATA, in which case DB06 might be CVE-2006-2081.

Affected Platforms (CPE)

πŸ“¦
Oracle

Database Server

= 8.1.7.4
πŸ“¦
Oracle

Database Server

= 9.2.0.7
πŸ“¦
Oracle

Database Server

= 10.1.0.5
πŸ“¦
Oracle

Database Server

= 10.2.0.2

References & Advisories

πŸ”— http://secunia.com/advisories/21111
πŸ”— http://secunia.com/advisories/21165
πŸ”— http://securitytracker.com/id?1016529
πŸ”— http://www.kb.cert.org/vuls/id/932124
πŸ”— http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html
πŸ”— http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html
πŸ”— http://www.red-database-security.com/exploits/oracle-sql-injection-oracle-dbms_export_extension.html
πŸ”— http://www.securityfocus.com/archive/1/440758/100/100/threaded

Related Vulnerabilities

CVE-2020-2949310.0

DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthentic...

CVE-2020-677910.0

Use of Hard-coded Credentials in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 a...

CVE-2017-234310.0

The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series devices to ...

CVE-1999-000310.0

Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd).