CVE-2007-5508
CVE-2007-5508
Multiple SQL injection vulnerabilities in the CTXSYS Intermedia application for the Oracle Text component (CTX_DOC) in Oracle Database 10.1.0.5 and 10.2.0.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) THEMES, (2) GIST, (3) TOKENS, (4) FILTER, (5) HIGHLIGHT, and (6) MARKUP procedures, aka DB03. NOTE: remote unauthenticated attack vectors exist when CTXSYS is used with oracle Application Server.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/4564unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://marc.info/?l=bugtraq&m=119332677525918&w=2http://secunia.com/advisories/27251http://secunia.com/advisories/27409http://securityreason.com/securityalert/3242http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-oracle-ctx-doc/http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.htmlhttp://www.securityfocus.com/archive/1/482425/100/0/threadedhttp://www.securityfocus.com/bid/26101http://www.securitytracker.com/id?1018823http://www.us-cert.gov/cas/techalerts/TA07-290A.htmlhttp://www.vupen.com/english/advisories/2007/3524http://www.vupen.com/english/advisories/2007/3626