Search
Total
490 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5343 | 1 Oracle | 1 Database Server | 2018-10-17 | 9.0 HIGH | N/A |
| Unspecified vulnerability in Database Scheduler component in Oracle Database 10.1.0.3 has unknown impact and remote authenticated attack vectors related to sys.dbms_scheduler, aka Vuln# DB19. | |||||
| CVE-2006-5342 | 1 Oracle | 1 Database Server | 2018-10-17 | 7.1 HIGH | N/A |
| Unspecified vulnerability in Oracle Spatial component in Oracle Database 9.0.1.5, 9.2.0.6, and 10.1.0.3 has unknown impact and remote authenticated attack vectors related to mdsys.sdo_tune, aka Vuln# DB18. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB18 might be related to SQL injection in the EXTENT_OF function. | |||||
| CVE-2006-5341 | 1 Oracle | 1 Database Server | 2018-10-17 | 9.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in XMLDB component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.2 have unknown impact and remote authenticated attack vectors, aka (1) Vuln# DB14 and (2) DB15 related to xdb.dbms_xdbz. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB14 is for SQL injection in the PITRIG_DROP and PITRIG_DROPMETADATA functions in XDB_PITRIG_PKG, and DB15 is for SQL injection in DISABLE_HIERARCHY_INTERNAL in DBMS_XDBZ. | |||||
| CVE-2006-5340 | 1 Oracle | 1 Database Server | 2018-10-17 | 7.1 HIGH | N/A |
| Multiple unspecified vulnerabilities in Oracle Spatial component in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 have unknown impact and remote authenticated attack vectors related to (1) mdsys.sdo_lrs, aka Vuln# DB13, and (2) Vuln# DB17. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB13 is related to bypassing input validation for SQL injection related to convert_to_lrs_layer and dbms_assert, and DB17 is related to SQL injection in the trigger in the SDO_DROP_USER package. | |||||
| CVE-2006-5339 | 1 Oracle | 1 Database Server | 2018-10-17 | 9.0 HIGH | N/A |
| Unspecified vulnerability in Oracle Spatial component in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unknown impact and remote authenticated attack vectors related to mdsys.sdo_geom, aka Vuln# DB11. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB11 is related to "length checking" in the RELATE function before MD2.RELATE is called. | |||||
| CVE-2006-5345 | 1 Oracle | 1 Database Server | 2018-10-17 | 9.0 HIGH | N/A |
| Unspecified vulnerability in Oracle Spatial component in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unknown impact and remote authenticated attack vectors related to mdsys.sdo_geom, aka Vuln# DB22. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB22 is related to "length checking" in the RELATE function before MD2.RELATE is called. | |||||
| CVE-2006-5338 | 1 Oracle | 1 Database Server | 2018-10-17 | 9.0 HIGH | N/A |
| Unspecified vulnerability in the Core RDBMS component in Oracle Database 10.1.0.5 has unknown impact and remote authenticated attack vectors related to sys.dbms_sqltune, aka Vuln# DB10. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB10 is for SQL injection in DROP_SQLSET, DELETE_SQLSET, SELECT_SQLSET, and I_SET_TUNING_PARAMETER. NOTE: some of these vectors might be in DBMS_SQLTUNE_INTERNAL. | |||||
| CVE-2006-5337 | 1 Oracle | 1 Database Server | 2018-10-17 | 9.0 HIGH | N/A |
| Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 has unknown impact and remote authenticated attack vectors, aka Vuln# DB09. | |||||
| CVE-2006-5336 | 1 Oracle | 1 Database Server | 2018-10-17 | 9.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Change Data Capture (CDC) component in Oracle Database 9.2.0.7, 10.1.0.5, and have unknown impact and remote authenticated attack vectors related to (1) sys.dbms_cdc_ipublish (Vuln# DB05) and (2) sys.dbms_cdc_isubscribe (DB06). NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB05 is for SQL injection in CREATE_CHANGE_TABLE and CHANGE_TABLE_TRIGGER, and DB06 is for PL/SQL injection in the PREPARE_UNBOUNDED_VIEW procedure. | |||||
| CVE-2006-5335 | 1 Oracle | 1 Database Server | 2018-10-17 | 9.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.2 have unknown impact and remote authenticated attack vectors related to (1) Vuln# DB04 and sys.dbms_cdc_impdp in the (a) Change Data Capture (CDC) component; (2) Vuln# DB07, (3) DB08, and (4) DB16 in sys.dbms_cdc_isubscribe in CDC; and (5) mdsys.sdo_geor_int in the (b) Oracle Spatial component, aka DB12. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that these issues are related to SQL injection in the BUMP_SEQUENCE function (DB04), CREATE_SUBSCRIPTION (DB07), EXTEND_WINDOW_LIST (DB08), SUBSCRIBE (DB16), and COMPRESSDATA (DB12). | |||||
| CVE-2006-5333 | 1 Oracle | 1 Database Server | 2018-10-17 | 7.1 HIGH | N/A |
| Unspecified vulnerability in Oracle Spatial component in Oracle Database 10.2.0.2 has unknown impact and remote authenticated attack vectors related to "create session" privileges, aka Vuln# DB02. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB02 is for SQL injection in the SDO_DROP_USER_BEFORE package using a Trigger for a DROP USER statement in an anonymous PL/SQL block. | |||||
| CVE-2006-5332 | 1 Oracle | 1 Database Server | 2018-10-17 | 9.0 HIGH | N/A |
| Unspecified vulnerability in xdb.dbms_xdbz in the XMLDB component for Oracle Database 9.2.0.6 and 10.1.0.4 has unknown impact and remote authenticated attack vectors, aka Vuln# DB01. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB01 is for PL/SQL injection in the ENABLE_HIERARCHY_INTERNAL procedure. | |||||
| CVE-2006-5334 | 1 Oracle | 1 Database Server | 2018-10-17 | 7.1 HIGH | N/A |
| Unspecified vulnerability in Oracle Spatial component in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 has unknown impact and remote authenticated attack vectors related to mdsys.md2, aka Vuln# DB03. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB03 is related to one or more of (1) a buffer overflow in the (a) RELATE function or (2) SQL injection in the (b) TESSELATE_FIXED and (c) TESSELATE function. | |||||
| CVE-2007-2119 | 1 Oracle | 2 Application Server, Database Server | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in the Administration Front End for Oracle Enterprise (Ultra) Search, as used in Database Server 9.2.0.8, 10.1.0.5, and 10.2.0.2, and in Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to inject arbitrary HTML or web script via the EXPTYPE parameter, aka SES01. | |||||
| CVE-2007-2118 | 1 Oracle | 1 Database Server | 2018-10-16 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Upgrade/Downgrade component of Oracle Database 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors, aka DB13. NOTE: as of 20070424, Oracle has not disputed reliable claims that this is a buffer overflow involving the "mig utility." | |||||
| CVE-2007-2117 | 1 Oracle | 1 Database Server | 2018-10-16 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Text component in Oracle Database 9.0.1.5+ and 9.2.0.5 has unknown impact and attack vectors, aka DB12. NOTE: as of 20070424, Oracle has not disputed reliable claims that this involves a buffer overflow in the ctxsrv server daemon. | |||||
| CVE-2007-2116 | 1 Oracle | 1 Database Server | 2018-10-16 | 9.0 HIGH | N/A |
| Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 has unknown impact and attack vectors, aka DB10. NOTE: as of 20070424, Oracle has not disputed claims that these are buffer overflows in kkzi.o for the SYS.DBMS_SNAP_INTERNAL package using the (1) SNAP_OWNER or (2) SNAP_NAME parameters. | |||||
| CVE-2007-2130 | 1 Oracle | 4 Application Server, Collaboration Suite, Database Server and 1 more | 2018-10-16 | 9.0 HIGH | N/A |
| Unspecified vulnerability in Workflow Cartridge, as used in Oracle Database Server 9.2.0.1, 10.1.0.2, and 10.2.0.1; Application Server 9.0.4.3 and 10.1.2.0.2; Collaboration Suite 10.1.2; and E-Business Suite; has unknown impact and remote authenticated attack vectors, aka OWF01. | |||||
| CVE-2007-2115 | 1 Oracle | 1 Database Server | 2018-10-16 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the Change Data Capture (CDC) component in Oracle Database 9.2.0.7, 10.1.0.5, and 10.2.0.2 has unknown impact and attack vectors, aka DB09. NOTE: as of 20070424, oracle has not disputed reliable claims that this issue involves multiple SQL injection vulnerabilities in the DBMS_CDC_PUBLISH with remote authenticated vectors involving the "java classes in CDC.jar." | |||||
| CVE-2007-2114 | 1 Oracle | 1 Database Server | 2018-10-16 | 9.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.2 have unknown impact and remote authenticated attack vectors, related to (1) Change Data Capture (CDC), aka DB08, and (2) Oracle Instant Client, aka DB11. NOTE: as of 20070424, oracle has not disputed reliable claims that these issues are buffer overflows using a long CHANGE_TABLE_NAME parameter to the DBMS_CDC_IPUBLISH.CHGTAB_CACHE procedure (DB08) and Oracle Instant Client genezi utility (DB11). | |||||
| CVE-2007-2113 | 1 Oracle | 1 Database Server | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Upgrade/Downgrade component (DBMS_UPGRADE_INTERNAL) for Oracle Database 10.1.0.5 allows remote authenticated users to execute arbitrary SQL commands via unknown vectors, aka DB07. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB07 is actually for multiple issues. | |||||
| CVE-2007-2112 | 1 Oracle | 1 Database Server | 2018-10-16 | 6.0 MEDIUM | N/A |
| Unspecified vulnerability in the Authentication component for Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and attack vectors, aka DB05. NOTE: as of 20070424, Oracle has not disputed reliable claims that this issue allows remote authenticated users to bypass the AUTH_ALTER_SESSION security policies via a logon trigger ("AFTER LOGON ON DATABASE" trigger directive), a related issue to CVE-2006-0547. | |||||
| CVE-2007-2109 | 1 Oracle | 1 Database Server | 2018-10-16 | 6.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) Rules Manager and Expression Filter components (DB02) and (2) Oracle Streams (DB06). Note: as of 20070424, Oracle has not disputed reliable claims that DB02 is for a race condition in the RLMGR_TRUNCATE_MAINT trigger in the Rules Manager and Expression Filter components changing the AUTHID of a package from DEFINER to CURRENT_USER after a TRUNCATE call, and DB06 is for SQL injection in the DBMS_APPLY_USER_AGENT.SET_REGISTRATION_HANDLER procedure, which is later passed to the DBMS_APPLY_ADM_INTERNAL.ALTER_APPLY procedure, aka "Oracle Streams". | |||||
| CVE-2007-2108 | 2 Microsoft, Oracle | 2 Windows, Database Server | 2018-10-16 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 on Windows allows remote attackers to have an unknown impact, aka DB01. NOTE: as of 20070424, Oracle has not disputed reliable claims that this issue occurs because the NTLM SSPI AcceptSecurityContext function grants privileges based on the username provided even though all users are authenticated as Guest, which allows remote attackers to gain privileges. | |||||
| CVE-2007-2111 | 1 Oracle | 1 Database Server | 2018-10-16 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the SYS.DBMS_AQADM_SYS package in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 allows remote authenticated users to inject arbitrary SQL commands via unknown vectors, aka DB04. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB04 is actually for multiple vulnerabilities. | |||||
| CVE-2007-2110 | 2 Microsoft, Oracle | 2 Windows, Database Server | 2018-10-16 | 4.4 MEDIUM | N/A |
| Unspecified vulnerability in the Core RDBMS component for Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.4 on Windows systems has unknown impact and attack vectors, aka DB03. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB03 occurs because RDBMS uses a NULL Discretionary Access Control List (DACL) for the Oracle process and certain shared memory sections, which allows local users to inject threads and execute arbitrary code via the OpenProcess, OpenThread, and SetThreadContext functions (DB03). | |||||
| CVE-2007-0275 | 1 Oracle | 4 Application Server, Collaboration Suite, Database Server and 1 more | 2018-10-16 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Oracle Reports Web Cartridge (RWCGI60) in the Workflow Cartridge component, as used in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 10.1.2; and Oracle E-Business Suite and Applications 11.5.10CU2; allows remote authenticated users to inject arbitrary HTML or web script via the genuser parameter to rwcgi60, aka OWF01. | |||||
| CVE-2007-0274 | 1 Oracle | 1 Database Server | 2018-10-16 | 6.5 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Oracle Database 9.2.0.7 and 10.1.0.5 have unknown impact and attack vectors related to (1) Export and sys.dbms_logrep_util (DB08), and (2) Oracle Streams and sys.dbms_capture_adm_internal privileges (DB09). NOTE: Oracle has not disputed reliable researcher claims that DB08 is for a buffer overflow in the GET_OBJECT_NAME procedure in the DBMS_LOGREP_UTIL package, and DB09 is for buffer overflows in the CREATE_CAPTURE, ALTER_CAPTURE, and ABORT_TABLE_INSTANTIATION procedures in SYS.DBMS_CAPTURE_ADM_INTERNAL. | |||||
| CVE-2007-0270 | 1 Oracle | 1 Database Server | 2018-10-16 | 6.5 MEDIUM | N/A |
| Buffer overflow in SYS.DBMS_DRS in Oracle Database 9.2.0.7 and 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) or execute arbitrary code via the GET_PROPERTY function in SYS.DBMS_DRS, aka DB03. | |||||
| CVE-2007-0268 | 1 Oracle | 1 Database Server | 2018-10-16 | 6.5 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) the Advanced Queuing component and sys.dbms_aqsys.dbms_aq privileges (DB01), (2) Advanced Replication and sys.dbms_repcat_untrusted (DB07), and (3) Oracle Text and ctxload (DB15). NOTE: Oracle has not publicly claims by reliable researchers that DB01 is for SQL injection in the SYS.DBMS_AQ_INV package, and DB07 is for a buffer overflow in the UNREGISTER_SNAPSHOT procedure in the DBMS_REPCAT_UNTRUSTED package. | |||||
| CVE-2007-0272 | 1 Oracle | 1 Database Server | 2018-10-16 | 8.5 HIGH | N/A |
| Multiple buffer overflows in MDSYS.MD in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) or execute arbitrary code via unspecified vectors involving certain public procedures, aka DB05. | |||||
| CVE-2007-0271 | 1 Oracle | 1 Database Server | 2018-10-16 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Database 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors related to the Log Miner component and sys.dbms_log_mnr privileges, aka DB04. NOTE: Oracle has not disputed a reliable researcher claim that this is a buffer overflow in the ADD_LOGFILE procedure for the SYS.DBMS_LOGMNR package that allows code execution. | |||||
| CVE-2006-7141 | 1 Oracle | 1 Database Server | 2018-10-16 | 6.0 MEDIUM | N/A |
| ** DISPUTED ** Absolute path traversal vulnerability in Oracle Database Server, when utl_file_dir is set to a wildcard value or "CREATE ANY DIRECTORY to PUBLIC" privileges exist, allows remote authenticated users to read and modify arbitrary files via full filepaths to utl_file functions such as (1) utl_file.put_line and (2) utl_file.get_line, a related issue to CVE-2005-0701. NOTE: this issue is disputed by third parties who state that this is due to an insecure configuration instead of an inherent vulnerability. | |||||
| CVE-2006-7067 | 1 Oracle | 1 Database Server | 2018-10-16 | 6.0 MEDIUM | N/A |
| Oracle 10g R2 and possibly other versions allows remote attackers to trigger internal errors, and possibly have other impacts, via an "alter session set events" command with invalid arguments. NOTE: this issue was originally disputed by a third party, but the dispute was retracted. NOTE: this issue was called an "integer overflow" in the original source, but this might be incorrect. | |||||
| CVE-2008-0347 | 1 Oracle | 6 Application Server, Application Server 9i, Collaboration Suite and 3 more | 2018-10-15 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Oracle Ultra Search component in Oracle Collaboration Suite 10.1.2; Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; and Application Server 9.0.4.3 and 10.1.2.0.2; has unknown impact and local attack vectors, aka OCS01. NOTE: Oracle has not disputed a reliable claim that this issue is related to WKSYS schema privileges. | |||||
| CVE-2007-6260 | 1 Oracle | 1 Database Server | 2018-10-15 | 6.8 MEDIUM | N/A |
| The installation process for Oracle 10g and llg uses accounts with default passwords, which allows remote attackers to obtain login access by connecting to the Listener. NOTE: at the end of the installation, if performed using the Database Configuration Assistant (DBCA), most accounts are disabled or their passwords are changed. | |||||
| CVE-2007-5897 | 1 Oracle | 1 Database Server | 2018-10-15 | 8.5 HIGH | N/A |
| Buffer overflow in MDSYS.SDO_CS in Oracle Database Server 8iR3, 9iR1, 9iR2 up to 9.2.0.6, and 10gR1 up to 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) and execute arbitrary code via the TRANSFORM function. NOTE: this issue might already be covered by CVE-2007-5515, CVE-2007-5509, or CVE-2007-5505, but there are insufficient details to be sure. | |||||
| CVE-2007-5511 | 1 Oracle | 1 Database Server | 2018-10-15 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Workspace Manager for Oracle Database before OWM 10.2.0.4.1, OWM 10.1.0.8.0, and OWM 9.2.0.8.0 allows attackers to execute arbitrary SQL commands via the FINDRICSET procedure in the LT package. NOTE: this is probably covered by CVE-2007-5510, but there are insufficient details to be certain. | |||||
| CVE-2007-5513 | 1 Oracle | 1 Database Server | 2018-10-15 | 5.0 MEDIUM | N/A |
| The XML DB (XMLDB) component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 generates incorrect audit entries in the USERID column in which (1) long usernames are trimmed to 5 characters, or (2) short entries contain any extra characters from usernames in previous entries, aka DB23. | |||||
| CVE-2007-5508 | 1 Oracle | 1 Database Server | 2018-10-15 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the CTXSYS Intermedia application for the Oracle Text component (CTX_DOC) in Oracle Database 10.1.0.5 and 10.2.0.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) THEMES, (2) GIST, (3) TOKENS, (4) FILTER, (5) HIGHLIGHT, and (6) MARKUP procedures, aka DB03. NOTE: remote unauthenticated attack vectors exist when CTXSYS is used with oracle Application Server. | |||||
| CVE-2007-5507 | 1 Oracle | 1 Database Server | 2018-10-15 | 6.4 MEDIUM | N/A |
| The GIOP service in TNS Listener in the Oracle Net Services component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote attackers to cause a denial of service (crash) or read potentially sensitive memory via a connect GIOP packet with an invalid data size, which triggers a buffer over-read, aka DB22. | |||||
| CVE-2007-5506 | 1 Oracle | 1 Database Server | 2018-10-15 | 7.8 HIGH | N/A |
| The Core RDBMS component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote attackers to cause a denial of service (CPU consumption) via a crafted type 6 Data packet, aka DB20. | |||||
| CVE-2007-5504 | 1 Oracle | 1 Database Server | 2018-10-15 | 6.5 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+ and 10.1.0.5 unknown impact and remote attack vectors, related to (1) Import (DB01) and (2) Advanced Queuing (DB25). NOTE: as of 20071108, Oracle has not disputed reliable researcher claims that DB25 is for a buffer overflow in the DBLINK_INFO procedure in the DBMS_AQADM_SYS package. | |||||
| CVE-2007-4822 | 2 Buffalotech, Oracle | 2 Airstation Whr-g54s, Database Server | 2018-10-15 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the device management interface in Buffalo AirStation WHR-G54S 1.20 allows remote attackers to make configuration changes as an administrator via HTTP requests to certain HTML pages in the res parameter with an inp req parameter to cgi-bin/cgi, as demonstrated by accessing (1) ap.html and (2) filter_ip.html. | |||||
| CVE-2007-4517 | 1 Oracle | 1 Database Server | 2018-10-15 | 6.0 MEDIUM | N/A |
| Buffer overflow in the XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA procedure in Oracle 10g R2 allows remote authenticated users to execute arbitrary code via a long (1) OWNER or (2) NAME argument. | |||||
| CVE-2007-3855 | 1 Oracle | 1 Database Server | 2018-10-15 | 6.5 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to have an unknown impact via (1) SYS.DBMS_DRS in the DataGuard component (DB03), (2) SYS.DBMS_STANDARD in the PL/SQL component (DB10), (3) MDSYS.RTREE_IDX in the Spatial component (DB16), and (4) SQL Compiler (DB17). NOTE: a reliable researcher claims that DB17 is for using Views to perform unauthorized insert, update, or delete actions. | |||||
| CVE-2008-2592 | 1 Oracle | 3 Advanced Replication Component, Database Server, Oracle Database | 2018-10-11 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.6 has unknown impact and remote authenticated attack vectors related to SYS.DBMS_DEFER_SYS. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this is a SQL injection vulnerability in the DELETE_TRAN procedure. | |||||
| CVE-2008-2613 | 1 Oracle | 2 Database Scheduler, Database Server | 2018-10-11 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in the Database Scheduler component in Oracle Database 10.2.0.4 and 11.1.0.6 has unknown impact and local attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this is an untrusted search path issue that allows local users to gain privileges via a malicious (1) libclntsh.so or (2) libnnz10.so library. | |||||
| CVE-2008-1821 | 1 Oracle | 1 Database Server | 2018-10-11 | 9.0 HIGH | N/A |
| Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.0.1.5 FIPS+, and 10.1.0.5 has unknown impact and remote attack vectors related to SYS.DBMS_AQJMS_INTERNAL, aka DB15. NOTE: the previous information was obtained from the April 2008 CPU. Oracle has not commented on reliable researcher claims that DB15 is for multiple buffer overflows in the (1) AQ$_REGISTER and (2) AQ$_UNREGISTER procedures. | |||||
| CVE-2008-1813 | 1 Oracle | 2 Database 9i, Database Server | 2018-10-11 | 6.5 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote unauthenticated or authenticated attack vectors related to (1) SYS.DBMS_AQ in the Advanced Queuing component, aka DB01; (2) Core RDBMS, aka DB03; (3) SDO_GEOM in Oracle Spatial, aka DB06; (4) Export, aka DB12; and (5) DBMS_STATS in Query Optimizer, aka DB13. NOTE: the previous information was obtained from the Oracle CPU. Oracle has not commented on reliable researcher claims that DB06 is SQL injection, and DB13 occurs when the OUTLN account is reset to use a hard-coded password. | |||||