DB: Oracle SYS.KUPV Unsafe Command

This signature detects attempts to exploit a known vulnerability against Oracle Database SYS.KUPV module. A successful attack can lead to arbitrary code execution.

Extended Description

Oracle 10g is prone to multiple SQL-injection vulnerabilities. These issues affect various functions of the 'SYS.KUPV$FT' package. Exploiting these vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in the modification of query logic or other attacks. Successful exploitation may allow the attacker to compromise the application, retrieve sensitive information, or modify data; other consequences are possible as well. Oracle 10g Release 1 and prior versions are considered vulnerable to these issues. These issues are part of the vulnerabilities addressed by Oracle in Oracle Critical Patch Update - January 2006. Please see BID 16287 (Oracle January Security Update Multiple Vulnerabilities) for more information.

Affected Products

Oracle oracle10g_standard_edition

Short Name
DB:ORACLE:SYS:KUPVFT-UNSAFE
Severity
Major
Recommended
False
Recommended Action
None
Category
DB
Keywords
CVE-2006-0586 Command Oracle SYS.KUPV Unsafe bid:16287 bid:16294
Release Date
03/05/2007
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3728
False Positive
Unknown
Vendors

Oracle

CVSS Score

7.5

Found a potential security threat?