{"api_version":"1","generated_at":"2026-04-22T23:21:36+00:00","cve":"CVE-2006-0586","urls":{"html":"https://cve.report/CVE-2006-0586","api":"https://cve.report/api/cve/CVE-2006-0586.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-0586","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-0586"},"summary":{"title":"CVE-2006-0586","description":"Multiple SQL injection vulnerabilities in Oracle 10g Release 1 before CPU Jan 2006 allow remote attackers to execute arbitrary SQL commands via multiple parameters in (1) ATTACH_JOB, (2) HAS_PRIVS, and (3) OPEN_JOB functions in the SYS.KUPV$FT package; and (4) UPDATE_JOB, (5) ACTIVE_JOB, (6) ATTACH_POSSIBLE, (7) ATTACH_TO_JOB, (8) CREATE_NEW_JOB, (9) DELETE_JOB, (10) DELETE_MASTER_TABLE, (11) DETACH_JOB, (12) GET_JOB_INFO, (13) GET_JOB_QUEUES, (14) GET_SOLE_JOBNAME, (15) MASTER_TBL_LOCK, and (16) VALID_HANDLE functions in the SYS.KUPV$FT_INT package.  NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that these issues has been addressed by Oracle.  It is unclear which, if any, Oracle Vuln# identifiers apply to these issues.","state":"PUBLISHED","assigner":"mitre","published_at":"2006-02-08 01:02:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["CWE-89","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"7.5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"http://www.red-database-security.com/advisory/oracle_sql_injection_kupv%24ft.html","name":"http://www.red-database-security.com/advisory/oracle_sql_injection_kupv%24ft.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/422424/30/7370/threaded","name":"http://www.securityfocus.com/archive/1/422424/30/7370/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/422423/30/7370/threaded","name":"http://www.securityfocus.com/archive/1/422423/30/7370/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041499.html","name":"http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041499.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"[Full-disclosure] Oracle Database 10g Rel. 1 - SQL Injection in\n\tSYS.KUPV$FT","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://www.red-database-security.com/advisory/oracle_sql_injection_kupv%24ft_int.html","name":"http://www.red-database-security.com/advisory/oracle_sql_injection_kupv%24ft_int.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/16294","name":"http://www.securityfocus.com/bid/16294","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Oracle Database SYS.KUPV$FT Multiple SQL Injection Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/24195","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/24195","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/24197","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/24197","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.osvdb.org/22840","name":"http://www.osvdb.org/22840","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041498.html","name":"http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041498.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"[Full-disclosure] Oracle Database 10g Rel. 1 - SQL Injection in\n\tSYS.KUPV$FT_INT","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html","name":"http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.osvdb.org/22839","name":"http://www.osvdb.org/22839","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://www.red-database-security.com/advisory/oracle_sql_injection_kupv$ft.html","name":"MISC:http://www.red-database-security.com/advisory/oracle_sql_injection_kupv$ft.html","refsource":"MITRE","tags":[],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.red-database-security.com/advisory/oracle_sql_injection_kupv$ft_int.html","name":"MISC:http://www.red-database-security.com/advisory/oracle_sql_injection_kupv$ft_int.html","refsource":"MITRE","tags":[],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-0586","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-0586","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"586","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"application_server","cpe6":"10.1.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"586","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"application_server","cpe6":"10.1.0.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"586","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"application_server","cpe6":"10.1.0.3.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"586","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"application_server","cpe6":"10.1.0.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"586","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"application_server","cpe6":"10.1.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"586","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"application_server","cpe6":"10.1.2.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"586","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"application_server","cpe6":"10.1.2.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"586","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"application_server","cpe6":"10.1.2.1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"586","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"oracle10g","cpe6":"enterprise_10.1.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"586","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"oracle10g","cpe6":"enterprise_10.1.0.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"586","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"oracle10g","cpe6":"enterprise_10.1.0.3.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"586","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"oracle10g","cpe6":"enterprise_10.1.0.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"586","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"oracle10g","cpe6":"personal_10.1.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"586","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"oracle10g","cpe6":"personal_10.1.0.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"586","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"oracle10g","cpe6":"personal_10.1.0.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"586","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"oracle10g","cpe6":"personal_10.10.3.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"586","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"oracle10g","cpe6":"standard_10.1.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"586","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"oracle10g","cpe6":"standard_10.1.0.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"586","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"oracle10g","cpe6":"standard_10.1.0.3.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"586","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"oracle10g","cpe6":"standard_10.1.0.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"586","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"oracle10g","cpe6":"standard_10.1.0.4.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"586","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"oracle10g","cpe6":"standard_10.1.0.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2006","cve_id":"586","cve":"CVE-2006-0586","epss":"0.170610000","percentile":"0.949990000","score_date":"2026-04-16","updated_at":"2026-04-17 00:09:25"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T16:41:28.752Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.red-database-security.com/advisory/oracle_sql_injection_kupv%24ft.html"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html"},{"name":"22840","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://www.osvdb.org/22840"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.red-database-security.com/advisory/oracle_sql_injection_kupv%24ft_int.html"},{"name":"20060118 Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT","tags":["mailing-list","x_refsource_FULLDISC","x_transferred"],"url":"http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041499.html"},{"name":"22839","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://www.osvdb.org/22839"},{"name":"20060118 Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT_INT","tags":["mailing-list","x_refsource_FULLDISC","x_transferred"],"url":"http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041498.html"},{"name":"16294","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/16294"},{"name":"oracle-syskupv$ft-sql-injection(24195)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/24195"},{"name":"oracle-syskupv$ftint-sql-injection(24197)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/24197"},{"name":"20060117 Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT_INT","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/422424/30/7370/threaded"},{"name":"20060117 Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/422423/30/7370/threaded"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2006-01-17T00:00:00.000Z","descriptions":[{"lang":"en","value":"Multiple SQL injection vulnerabilities in Oracle 10g Release 1 before CPU Jan 2006 allow remote attackers to execute arbitrary SQL commands via multiple parameters in (1) ATTACH_JOB, (2) HAS_PRIVS, and (3) OPEN_JOB functions in the SYS.KUPV$FT package; and (4) UPDATE_JOB, (5) ACTIVE_JOB, (6) ATTACH_POSSIBLE, (7) ATTACH_TO_JOB, (8) CREATE_NEW_JOB, (9) DELETE_JOB, (10) DELETE_MASTER_TABLE, (11) DETACH_JOB, (12) GET_JOB_INFO, (13) GET_JOB_QUEUES, (14) GET_SOLE_JOBNAME, (15) MASTER_TBL_LOCK, and (16) VALID_HANDLE functions in the SYS.KUPV$FT_INT package.  NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that these issues has been addressed by Oracle.  It is unclear which, if any, Oracle Vuln# identifiers apply to these issues."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-19T14:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"tags":["x_refsource_MISC"],"url":"http://www.red-database-security.com/advisory/oracle_sql_injection_kupv%24ft.html"},{"tags":["x_refsource_MISC"],"url":"http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html"},{"name":"22840","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://www.osvdb.org/22840"},{"tags":["x_refsource_MISC"],"url":"http://www.red-database-security.com/advisory/oracle_sql_injection_kupv%24ft_int.html"},{"name":"20060118 Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT","tags":["mailing-list","x_refsource_FULLDISC"],"url":"http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041499.html"},{"name":"22839","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://www.osvdb.org/22839"},{"name":"20060118 Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT_INT","tags":["mailing-list","x_refsource_FULLDISC"],"url":"http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041498.html"},{"name":"16294","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/16294"},{"name":"oracle-syskupv$ft-sql-injection(24195)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/24195"},{"name":"oracle-syskupv$ftint-sql-injection(24197)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/24197"},{"name":"20060117 Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT_INT","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/422424/30/7370/threaded"},{"name":"20060117 Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/422423/30/7370/threaded"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2006-0586","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple SQL injection vulnerabilities in Oracle 10g Release 1 before CPU Jan 2006 allow remote attackers to execute arbitrary SQL commands via multiple parameters in (1) ATTACH_JOB, (2) HAS_PRIVS, and (3) OPEN_JOB functions in the SYS.KUPV$FT package; and (4) UPDATE_JOB, (5) ACTIVE_JOB, (6) ATTACH_POSSIBLE, (7) ATTACH_TO_JOB, (8) CREATE_NEW_JOB, (9) DELETE_JOB, (10) DELETE_MASTER_TABLE, (11) DETACH_JOB, (12) GET_JOB_INFO, (13) GET_JOB_QUEUES, (14) GET_SOLE_JOBNAME, (15) MASTER_TBL_LOCK, and (16) VALID_HANDLE functions in the SYS.KUPV$FT_INT package.  NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that these issues has been addressed by Oracle.  It is unclear which, if any, Oracle Vuln# identifiers apply to these issues."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://www.red-database-security.com/advisory/oracle_sql_injection_kupv$ft.html","refsource":"MISC","url":"http://www.red-database-security.com/advisory/oracle_sql_injection_kupv$ft.html"},{"name":"http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html","refsource":"MISC","url":"http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html"},{"name":"22840","refsource":"OSVDB","url":"http://www.osvdb.org/22840"},{"name":"http://www.red-database-security.com/advisory/oracle_sql_injection_kupv$ft_int.html","refsource":"MISC","url":"http://www.red-database-security.com/advisory/oracle_sql_injection_kupv$ft_int.html"},{"name":"20060118 Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT","refsource":"FULLDISC","url":"http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041499.html"},{"name":"22839","refsource":"OSVDB","url":"http://www.osvdb.org/22839"},{"name":"20060118 Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT_INT","refsource":"FULLDISC","url":"http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041498.html"},{"name":"16294","refsource":"BID","url":"http://www.securityfocus.com/bid/16294"},{"name":"oracle-syskupv$ft-sql-injection(24195)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/24195"},{"name":"oracle-syskupv$ftint-sql-injection(24197)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/24197"},{"name":"20060117 Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT_INT","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/422424/30/7370/threaded"},{"name":"20060117 Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/422423/30/7370/threaded"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2006-0586","datePublished":"2006-02-08T01:00:00.000Z","dateReserved":"2006-02-08T00:00:00.000Z","dateUpdated":"2024-08-07T16:41:28.752Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2006-02-08 01:02:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["CWE-89","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:application_server:10.1.0.2:*:*:*:*:*:*:*","matchCriteriaId":"1C1B82E1-D1AD-46F2-8B95-117F38563FC6"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:application_server:10.1.0.3:*:*:*:*:*:*:*","matchCriteriaId":"6FC5FDD9-F24C-4DA2-9CE3-96522DB4A10E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:application_server:10.1.0.3.1:*:*:*:*:*:*:*","matchCriteriaId":"DDECF110-F375-4A3C-8BA9-1CF69B6EF027"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:application_server:10.1.0.4:*:*:*:*:*:*:*","matchCriteriaId":"77F36775-7D44-405E-8DE3-EBD71C9EE421"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:application_server:10.1.2:*:*:*:*:*:*:*","matchCriteriaId":"D94B7D50-4527-4C14-8A50-D4C0566F36BA"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:application_server:10.1.2.0.1:*:*:*:*:*:*:*","matchCriteriaId":"FB8F5AAE-0365-4E01-AB04-CDC6D58B00B6"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:application_server:10.1.2.0.2:*:*:*:*:*:*:*","matchCriteriaId":"F0B4BAA9-D045-4D2B-8220-47F47ED936DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:application_server:10.1.2.1.0:*:*:*:*:*:*:*","matchCriteriaId":"FE6C4D36-D9D1-4143-94AA-D8E08F23D2E3"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.2:*:*:*:*:*:*:*","matchCriteriaId":"0C033CC3-1840-49A1-AB6E-3EC8CE1F0BEE"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.3:*:*:*:*:*:*:*","matchCriteriaId":"CD4E604B-6C0D-474F-A3A9-B07EF0A7D2E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.3.1:*:*:*:*:*:*:*","matchCriteriaId":"8667E51F-86A9-4181-8FCC-BECC6F50913B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.4:*:*:*:*:*:*:*","matchCriteriaId":"AA52C2C2-64C3-40BA-86A1-C4A14BEB8CCE"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:oracle10g:personal_10.1.0.2:*:*:*:*:*:*:*","matchCriteriaId":"2C84E349-48A8-4800-A300-AACEC8659656"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:oracle10g:personal_10.1.0.3:*:*:*:*:*:*:*","matchCriteriaId":"323353FE-7ECD-4668-BDB1-3E5CA8F3F9A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:oracle10g:personal_10.1.0.4:*:*:*:*:*:*:*","matchCriteriaId":"B33627F4-3E7D-4181-8171-2B65F8C60E7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:oracle10g:personal_10.10.3.1:*:*:*:*:*:*:*","matchCriteriaId":"86D1E996-3AD3-4B17-B959-6790BC735F13"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:oracle10g:standard_10.1.0.2:*:*:*:*:*:*:*","matchCriteriaId":"C8975840-9843-4034-BBED-B31A9BA16DF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:oracle10g:standard_10.1.0.3:*:*:*:*:*:*:*","matchCriteriaId":"D0A39665-BB49-4135-9850-8CF9E69546FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:oracle10g:standard_10.1.0.3.1:*:*:*:*:*:*:*","matchCriteriaId":"E2764001-8B54-47AD-A265-0C0B0F691A15"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:oracle10g:standard_10.1.0.4:*:*:*:*:*:*:*","matchCriteriaId":"41B5ED54-BAF4-41B3-8B09-F9795AB7A18A"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:oracle10g:standard_10.1.0.4.2:*:*:*:*:*:*:*","matchCriteriaId":"D2EA2727-2F53-470F-AF58-1B33B7A5B7EF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:oracle10g:standard_10.1.0.5:*:*:*:*:*:*:*","matchCriteriaId":"0EAD20B6-258F-4093-BEE0-99F11D61A61F"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"586","Ordinal":"1","Title":"CVE-2006-0586","CVE":"CVE-2006-0586","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"586","Ordinal":"1","NoteData":"Multiple SQL injection vulnerabilities in Oracle 10g Release 1 before CPU Jan 2006 allow remote attackers to execute arbitrary SQL commands via multiple parameters in (1) ATTACH_JOB, (2) HAS_PRIVS, and (3) OPEN_JOB functions in the SYS.KUPV$FT package; and (4) UPDATE_JOB, (5) ACTIVE_JOB, (6) ATTACH_POSSIBLE, (7) ATTACH_TO_JOB, (8) CREATE_NEW_JOB, (9) DELETE_JOB, (10) DELETE_MASTER_TABLE, (11) DETACH_JOB, (12) GET_JOB_INFO, (13) GET_JOB_QUEUES, (14) GET_SOLE_JOBNAME, (15) MASTER_TBL_LOCK, and (16) VALID_HANDLE functions in the SYS.KUPV$FT_INT package.  NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that these issues has been addressed by Oracle.  It is unclear which, if any, Oracle Vuln# identifiers apply to these issues.","Type":"Description","Title":"CVE-2006-0586"},{"CveYear":"2006","CveId":"586","Ordinal":"2","NoteData":"2006-02-07","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"586","Ordinal":"3","NoteData":"2018-10-19","Type":"Other","Title":"Modified"}]}}}