NVD

Id
70421  
Name
CVE-2005-4832  
Description
SQL injection vulnerability in the Oracle Database Server 10g allows remote authenticated users to execute arbitrary SQL commands with elevated privileges via the SUBSCRIPTION_NAME parameter in the (1) SYS.DBMS_CDC_SUBSCRIBE and (2) SYS.DBMS_CDC_ISUBSCRIBE packages, a different vector than CVE-2005-1197.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-03  
Published
2005-12-31  
Modified Date
2008-09-05  
Seq
2005-4832  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
362912 70421 CVE-2005-4832 http://www.appsecinc.com/resources/alerts/oracle/2005-02.html  View
362913 70421 CVE-2005-4832 http://www.argeniss.com/research/OraDBMS_CDC_SUBSCRIBEExploit.txt  View
362914 70421 CVE-2005-4832 http://www.argeniss.com/research/OraDBMS_CDC_SUBSCRIBEWorkaround.sql  View
362915 70421 CVE-2005-4832 http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf  View
362916 70421 CVE-2005-4832 20050418 [AppSecInc Team SHATTER Security Advisory] Multiple SQL Injection vulnerabilities in DBMS_CDC_SUBSCRIBE and DBMS_CDC_ISUBSCRIBE packages  View
362917 70421 CVE-2005-4832 20050711 Re: Problems with the Oracle Critical Patch Update for April 2005  View
362918 70421 CVE-2005-4832 13236  View
362919 70421 CVE-2005-4832 oracle-subscriptionname-sql-injection(20159)  View

Related JVN