CVSS: 10.0EPSS: 1%CPEs: 5EXPL: 0CVE-2006-5361
https://notcve.org/view.php?id=CVE-2006-5361
Unspecified vulnerability in Oracle Containers for J2EE in Oracle Application Server 9.0.4.3, 10.1.2.0.0, and 10.1.2.0.1, and Oracle Collaboration Suite 9.0.4.2 and 10.1.2, has unknown impact and remote attack vectors, aka Vuln# OC4J03. Vulnerabilidad no especificada en Oracle Containers para J2EE en Oracle Application Server 9.0.4.3, 10.1.2.0.0, y 10.1.2.0.1, y Oracle Collaboration Suite 9.0.4.2 y 10.1.2, tiene impacto y vectores de ataque remotos desconocidos, también conocido como Vuln# OC4J03. • http://secunia.com/advisories/22396 http://securitytracker.com/id?1017077 http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html http://www.securityfocus.com/archive/1/449711/100/0/threaded http://www.securityfocus.com/bid/20588 http://www.us-cert.gov/cas/techalerts/TA06-291A.html http://www.vupen.com/english/advisories/2006/4065 •
CVSS: 10.0EPSS: 5%CPEs: 5EXPL: 0CVE-2006-3708
https://notcve.org/view.php?id=CVE-2006-3708
Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3, 9.0.3.1, 9.0.4.2, 10.1.2.0.2, and 10.1.2.1 has unknown impact and attack vectors, aka Oracle Vuln# AS03. Vulnerabilidad no especificada en OC4J para Oracle Application Server 9.0.2.3, , 9.0.3.1, 9.0.4.2, 10.1.2.0.2, y 10.1.2.1, tiene un impacto desconocido y vectores de ataque, también conocido como Oracle Vuln# AS03. • http://secunia.com/advisories/21111 http://secunia.com/advisories/21165 http://securitytracker.com/id?1016529 http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html http://www.securityfocus.com/archive/1/440758/100/100/threaded http://www.securityfocus.com/bid/19054 http://www.us-cert.gov/cas/techalerts/TA06-200A.html http://www.vupen.com/english/advisories/2006/2863 http://www.vupen.c •
CVSS: 10.0EPSS: 1%CPEs: 46EXPL: 0CVE-2006-1884
https://notcve.org/view.php?id=CVE-2006-1884
Unspecified vulnerability in the Oracle Thesaurus Management System component in Oracle E-Business Suite and OPA 4.5.2 Applications has unknown impact and attack vectors, aka Vuln# OPA01. • http://secunia.com/advisories/19712 http://secunia.com/advisories/19859 http://securitytracker.com/id?1015961 http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html http://www.securityfocus.com/archive/1/432267/100/0/threaded http://www.securityfocus.com/bid/17590 http://www.vupen.com/english/advisories/2006/1397 http://www.vupen.com/english/advisories/2006/1571 https://exchange.xforce.ibmcloud.com/vulnerabilities/26058 •
CVSS: 7.5EPSS: 9%CPEs: 22EXPL: 3CVE-2006-0586 – Oracle 10g - SYS.KUPV$FT.ATTACH_JOB PL / SQL Injection
https://notcve.org/view.php?id=CVE-2006-0586
Multiple SQL injection vulnerabilities in Oracle 10g Release 1 before CPU Jan 2006 allow remote attackers to execute arbitrary SQL commands via multiple parameters in (1) ATTACH_JOB, (2) HAS_PRIVS, and (3) OPEN_JOB functions in the SYS.KUPV$FT package; and (4) UPDATE_JOB, (5) ACTIVE_JOB, (6) ATTACH_POSSIBLE, (7) ATTACH_TO_JOB, (8) CREATE_NEW_JOB, (9) DELETE_JOB, (10) DELETE_MASTER_TABLE, (11) DETACH_JOB, (12) GET_JOB_INFO, (13) GET_JOB_QUEUES, (14) GET_SOLE_JOBNAME, (15) MASTER_TBL_LOCK, and (16) VALID_HANDLE functions in the SYS.KUPV$FT_INT package. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that these issues has been addressed by Oracle. It is unclear which, if any, Oracle Vuln# identifiers apply to these issues. Múltiples vulnerabilidades de inyección SQL en Oracle 10g Release 1 en versiones anteriores a CPU de Enero de 2006 permiten a atacantes remotos ejecutar comandos SQL arbitrarios a través de parámetros múltiples en funciones (1) ATTACH_JOB, (2) HAS_PRIVS y (3) OPEN_JOB en el paquete SYS.KUPV$FT; y funciones (4) UPDATE_JOB, (5) ACTIVE_JOB, (6) ATTACH_POSSIBLE, (7) ATTACH_TO_JOB, (8) CREATE_NEW_JOB, (9) DELETE_JOB, (10) DELETE_MASTER_TABLE, (11) DETACH_JOB, (12) GET_JOB_INFO, (13) GET_JOB_QUEUES, (14) GET_SOLE_JOBNAME, (15) MASTER_TBL_LOCK y (16) VALID_HANDLE en el paquete SYS.KUPV$FT_INT. NOTA: debido a la falta de detalles relevantes en la recomendación de Oracle, se está creando una CVE separada ya que no se puede probar concluyentemente que estas cuestiones hayan sido dirigidas por Oracle. • https://www.exploit-db.com/exploits/3179 https://www.exploit-db.com/exploits/3359 https://www.exploit-db.com/exploits/3376 http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041498.html http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041499.html http://www.osvdb.org/22839 http://www.osvdb.org/22840 http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html http://www.red-database-security.com/advisory/oracle_sql_injection_kupv%24ft&# • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 2%CPEs: 60EXPL: 0CVE-2006-0552
https://notcve.org/view.php?id=CVE-2006-0552
Unspecified vulnerability in the Net Listener component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, and 9.2.0.7 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB11. • http://secunia.com/advisories/18493 http://secunia.com/advisories/18608 http://securitytracker.com/id?1015499 http://www.kb.cert.org/vuls/id/545804 http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html http://www.osvdb.org/22549 http://www.securityfocus.com/bid/16287 http://www.vupen.com/english/advisories/2006/0243 http://www.vupen.com/english/advisories/2006/0323 https://exchange.xforce.ibmcloud.com/vulnerabilities/24321 •