CVSS: 10.0EPSS: 1%CPEs: 26EXPL: 0CVE-2008-0344
https://notcve.org/view.php?id=CVE-2008-0344
Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and remote attack vectors, aka DB07. Vulnerabilidad no especificada en el componente Oracle Spatial de Oracle Database 10.1.0.5 y 10.2.0.3 tiene impacto y vectores de ataque remotos desconocidos, también conocido como DB07. • http://marc.info/?l=bugtraq&m=120058413923005&w=2 http://secunia.com/advisories/28518 http://secunia.com/advisories/28556 http://securitytracker.com/id?1019218 http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html http://www.securityfocus.com/bid/27229 http://www.us-cert.gov/cas/techalerts/TA08-017A.html http://www.vupen.com/english/advisories/2008/0150 http://www.vupen.com/english/advisories/2008/0180 •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2008-0341
https://notcve.org/view.php?id=CVE-2008-0341
Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.0.1.5 FIPS+ and 10.1.0.5 has unknown impact and remote attack vectors, aka DB03. Vulnerabilidad no especificada en el componente Advanced Queuing de Oracle Database 9.0.1.5 FIPS+ y 10.1.0.5 tiene impacto y vectores de ataque desconocidos, también conocido como DB03. • http://marc.info/?l=bugtraq&m=120058413923005&w=2 http://secunia.com/advisories/28518 http://secunia.com/advisories/28556 http://securitytracker.com/id?1019218 http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html http://www.securityfocus.com/bid/27229 http://www.us-cert.gov/cas/techalerts/TA08-017A.html http://www.vupen.com/english/advisories/2008/0150 http://www.vupen.com/english/advisories/2008/0180 •
CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 0CVE-2007-6260
https://notcve.org/view.php?id=CVE-2007-6260
The installation process for Oracle 10g and llg uses accounts with default passwords, which allows remote attackers to obtain login access by connecting to the Listener. NOTE: at the end of the installation, if performed using the Database Configuration Assistant (DBCA), most accounts are disabled or their passwords are changed. El proceso de instalación de Oracle 10g y llg utiliza cuentas con contraseñas por defecto, lo cual permite a atacantes remotos obtener acceso autenticado conectándose al Listener. NOTA: al final de la instalación, si se lleva a cabo utilizando el Asistente de Configuración de Base de Datos (DBCA), la mayoría de las cuentas son deshabilitadas o sus contraseñas son cambiadas. • http://osvdb.org/43673 http://securityreason.com/securityalert/3419 http://www.davidlitchfield.com/blog/archives/00000030.htm http://www.oracle.com/technology/deploy/security/pdf/twp_security_checklist_db_database_20071108.pdf http://www.securityfocus.com/archive/1/483652/100/200/threaded http://www.securityfocus.com/bid/26425 • CWE-255: Credentials Management Errors •
CVSS: 8.5EPSS: 0%CPEs: 10EXPL: 0CVE-2007-5897
https://notcve.org/view.php?id=CVE-2007-5897
Buffer overflow in MDSYS.SDO_CS in Oracle Database Server 8iR3, 9iR1, 9iR2 up to 9.2.0.6, and 10gR1 up to 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) and execute arbitrary code via the TRANSFORM function. NOTE: this issue might already be covered by CVE-2007-5515, CVE-2007-5509, or CVE-2007-5505, but there are insufficient details to be sure. Desbordamiento de búfer en MDSYS.SDO_CS de Oracle Database Server 8iR3, 9iR1, 9iR2 hasta 9.2.0.6, y 10gR1 hasta 10.1.0.4 permite a usuarios autenticados remotos provocar una denegación de servicio (caída) y ejecutar código de su elección mediante la función TRANSFORM. NOTA: este asunto podría estar ya cubierto por CVE-2007-5515, CVE-2007-5509, o CVE-2007-5505, pero no hay suficientes detalles como para estar seguros. • http://osvdb.org/40081 http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html http://www.securityfocus.com/archive/1/482918/100/100/threaded http://www.securityfocus.com/bid/26243 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.0EPSS: 85%CPEs: 1EXPL: 1CVE-2007-4517 – Oracle - xdb.xdb_pitrig_pkg.PITRIG_DROPMETADATA procedure
https://notcve.org/view.php?id=CVE-2007-4517
Buffer overflow in the XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA procedure in Oracle 10g R2 allows remote authenticated users to execute arbitrary code via a long (1) OWNER or (2) NAME argument. Desbordamiento de búfer en el procedimiento XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA en Oracle 10g R2 permite a usuarios remotos autenticados ejecutar código de su elección mediante un argumento (1) OWNER o (2) NAME. • https://www.exploit-db.com/exploits/18093 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=622 http://secunia.com/advisories/27526 http://securityreason.com/securityalert/8524 http://www.securityfocus.com/archive/1/483434/100/0/threaded http://www.securityfocus.com/bid/26374 http://www.securitytracker.com/id?1018908 http://www.vupen.com/english/advisories/2007/3803 https://exchange.xforce.ibmcloud.com/vulnerabilities/38318 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •