CVSS: 8.8EPSS: 6%CPEs: 38EXPL: 0CVE-2007-3854
https://notcve.org/view.php?id=CVE-2007-3854
18 Jul 2007 — Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 allow remote authenticated users to have unknown impact via (1) SYS.DBMS_PRVTAQIS in the Advanced Queuing component (DB02) and (2) MDSYS.MD in the Spatial component (DB12). NOTE: Oracle has not disputed reliable researcher claims that DB02 is for SQL injection and DB12 is for a buffer overflow. Múltiples vulnerabilidades no especificadas en Oracle Database versiones 9.0.1.5+, 9.2.0.7 y 10.1.0.5, permiten a usuarios auten... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00727143 •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2007-3860
https://notcve.org/view.php?id=CVE-2007-3860
18 Jul 2007 — Unspecified vulnerability in Oracle Application Express (formerly Oracle HTML DB) 2.2.0.00.32 up to 3.0.0.00.20 allows developers to have an unknown impact via unknown attack vectors, aka APEX01. NOTE: a reliable researcher states that this is SQL injection in the wwv_flow_security.check_db_password function due to insufficient checks for '"' characters. Vulnerabilidad no especificada en Oracle Application Express (formerly Oracle HTML DB) 2.2.0.00.32 hasta la 3.0.0.00.20 permite a a desarolladores tener un... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00727143 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2006-7138
https://notcve.org/view.php?id=CVE-2006-7138
07 Mar 2007 — SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in the WWV_FLOW_UTILITIES package for Oracle APEX/HTMLDB before 2.2 allows remote authenticated users to execute arbitrary SQL by modifying the P_LOV parameter and calculating a matching MD5 checksum for the P_LOV_CHECKSUM parameter. NOTE: it is likely that this issue is subsumed by CVE-2006-5351, but due to lack of details from Oracle, this cannot be proven. Vulnerabilidad de inyección SQL en wwv_flow_utilities.gen_popup_list en WWV_FLOW_UTIL... • http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050265.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2006-7158
https://notcve.org/view.php?id=CVE-2006-7158
07 Mar 2007 — Cross-site scripting (XSS) vulnerability in Oracle Application Express (APEX) before 2.2.1, aka Oracle HTML DB, allows remote attackers to inject arbitrary web script or HTML via the NOTIFICATION_MSG parameter. NOTE: it is likely that this issue overlaps one of the identifiers in CVE-2006-5351. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Oracle Application Express (APEX) versiones anteriores a 2.2.1, también conocido como Oracle HTML DB, permite a atacantes remotos inyectar scripts ... • http://secunia.com/advisories/22396 •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2006-5351
https://notcve.org/view.php?id=CVE-2006-5351
18 Oct 2006 — Multiple unspecified vulnerabilities in Oracle Application Express (formerly Oracle HTML DB) 1.5 up to 2.0 have unknown impact and remote attack vectors, aka Vuln# (1) APEX01, (2) APEX02, (3) APEX03, (4) APEX05, (5) APEX06, (6) APEX07, (7) APEX08, (8) APEX09, (9) APEX10, (10) APEX11, (11) APEX12, (12) APEX13, (13) APEX14, (14) APEX15, (15) APEX16, (16) APEX17, (17) APEX18, (18) APEX19, (19) APEX22, (20) APEX23, (21) APEX24, (22) APEX25, (23) APEX26, (24) APEX27, (25) APEX28, (26) APEX29, (27) APEX30, (28) A... • http://secunia.com/advisories/22396 •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2006-5352
https://notcve.org/view.php?id=CVE-2006-5352
18 Oct 2006 — Multiple unspecified vulnerabilities in Oracle Application Express 1.5 up to 1.6.1 have unknown impact and remote attack vectors, aka Vuln# (1) APEX04, (2) APEX20, and (3) APEX21. Múltiples vulnerabilidades no especificadas en Oracle Application Express 1.5 a 1.6.1 tienen impacto y vectores de ataque remotos desconocidos, también conocido como Vuln# (1) APEX04, (2) APEX20, y (3) APEX21. • http://secunia.com/advisories/22396 •