Here's the page we think you wanted. See search results instead:

Chat Live

Welcome

You are signed as:

My Profile
Logout

Please Confirm

Confirm your country to access relevant pricing, special offers, events, and contact information.

What are you looking for?

I'm looking for support Pro Oscilloscopes Handheld Spectrum Analyzers Compact Signal Generators Find a solution Get technical support Take a class Find us at events Premium used equipment KeysightCare Buy online

No product matches found - System Exception

Oracle_Database_Server_DBMS_CDC_PUBLISH_Multiple_Procedure_SQL_Injection_attack

Strike ID:

G10-3o601

CVSS:

3.6 (AV:N/AC:H/Au:S/C:P/I:P/A:N)

False Positive:

Variants:

Year:

2010

Description

This strike exploits an SQL injection vulnerability in Oracle Database Server. The vulnerability is due to input validation errors in the DROP_CHANGE_SOURCE and ALTER_CHANGE_SOURCE procedures of the DBMS_CDC_PUBLISH package. Remote authenticated attackers with EXECUTE permission on the SYS.DBMS_CDC_PUBLISH package can exploit this vulnerability by sending a specially crafted parameter to the affected procedures. Successful exploitation would result in disclosure of information, and modification or manipulation of the data in the underlying database.

CVE

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0870

References

http://secunia.com/advisories/39438

Oracle_Database_Server_DBMS_CDC_PUBLISH_Multiple_Procedure_SQL_Injection_attack

Description

CVE

References

Bid