Vendor: Oracle 10g
By: SecurityFocus
CVSS: 7.5 (HIGH)
CWE: 190 (Integer-Overflow)
Product Name: Oracle 10g
Affected Version From: Oracle 10g R2
Affected Version To: Oracle 10g R2
Patch Exists: NO
Related CWE: N/A
CPE: oracle:oracle_10g_r2
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

Oracle 10g Integer-Overflow Vulnerability

Oracle 10g is reportedly prone to an integer-overflow vulnerability because the application fails to allocate a large enough data type to accommodate user-supplied input before using it in a query. An attacker could exploit this vulnerability to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely cause denial-of-service conditions.

Mitigation:

Ensure that user-supplied input is properly validated and sanitized before being used in a query.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/19201/info

Oracle 10g is reportedly prone to an integer-overflow vulnerability because the application fails to allocate a large enough data type to accommodate user-supplied input before using it in a query. This issue has not been confirmed.

An attacker could exploit this vulnerability to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely cause denial-of-service conditions.

Reports indicate that Oracle 10g R2 is vulnerable; other versions may also be affected.

Connect with any user with only CREATE SESSION
SQL> alter session set events '10046 trace name context forever, level 16';