SQL Injection Vulnerability in Oracle Database 10g Streams Capture Component
CVE-2006-0269

Currently unrated

Key Information:

Vendor: Oracle
Status: Oracle10g
Vendor: CVE Published:; 18 January 2006

Summary

The Streams Capture component of Oracle Database versions 10.1.0.5 and 10.2.0.1 has been identified to possess an unspecified vulnerability that may facilitate SQL injection attacks. Independent researchers have reported that this flaw lies within the SET_DIRECTORY_ROOT function of the DBMS_CDC_PUBLISH package, potentially allowing unauthorized access or modification of database interactions. Users are advised to promptly evaluate their deployment to mitigate risks associated with this issue.

References

http://www.osvdb.org/22563

vdb-entryx_refsource_OSVDB

https://exchange.xforce.ibmcloud.com/vulnerabilities/24321

vdb-entryx_refsource_XF

http://www.red-database-security.com/advisory/oracle_cpu_...

x_refsource_MISC

Timeline

Vulnerability published
Jan 18, 2006
Vulnerability Reserved
Jan 18, 2006