CVSS: 8.8EPSS: 3%CPEs: 2EXPL: 1CVE-2007-5508 – Oracle 10g - 'CTX_DOC.MARKUP' SQL Injection
https://notcve.org/view.php?id=CVE-2007-5508
17 Oct 2007 — Multiple SQL injection vulnerabilities in the CTXSYS Intermedia application for the Oracle Text component (CTX_DOC) in Oracle Database 10.1.0.5 and 10.2.0.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) THEMES, (2) GIST, (3) TOKENS, (4) FILTER, (5) HIGHLIGHT, and (6) MARKUP procedures, aka DB03. NOTE: remote unauthenticated attack vectors exist when CTXSYS is used with oracle Application Server. Múltiples vulnerabilidades de inyección SQL en la aplicación CTXSYS Intermedia p... • https://www.exploit-db.com/exploits/4564 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 2%CPEs: 5EXPL: 0CVE-2007-5507
https://notcve.org/view.php?id=CVE-2007-5507
17 Oct 2007 — The GIOP service in TNS Listener in the Oracle Net Services component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote attackers to cause a denial of service (crash) or read potentially sensitive memory via a connect GIOP packet with an invalid data size, which triggers a buffer over-read, aka DB22. El servicio GIOP en TNS Listener del componente Oracle Net Services de Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, y 10.2.0.3 permite a atacantes remotos provocar... • http://marc.info/?l=bugtraq&m=119332677525918&w=2 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 5%CPEs: 2EXPL: 0CVE-2007-5512
https://notcve.org/view.php?id=CVE-2007-5512
17 Oct 2007 — Unspecified vulnerability in the Oracle Database Vault component in Oracle Database 9.2.0.8DV and 10.2.0.3 has unknown impact and remote attack vectors, aka DB21. Vulnerabilidad no especificada en en el componente Oracle Database Vault de Oracle Database 9.2.0.8DV y 10.2.0.3 tiene impacto y vectores de ataque remotos desconocidos, también conocida como DB21. • http://marc.info/?l=bugtraq&m=119332677525918&w=2 •
CVSS: 9.8EPSS: 1%CPEs: 5EXPL: 0CVE-2007-5515
https://notcve.org/view.php?id=CVE-2007-5515
17 Oct 2007 — Unspecified vulnerability in the Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.2, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB27. Vulnerabilidad no especificada en el componente Spatial de Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.2, y 10.2.0.3 tiene impacto y vectores de ataque remotos desconocidos, también conocida como DB27. • http://marc.info/?l=bugtraq&m=119332677525918&w=2 •
CVSS: 9.8EPSS: 5%CPEs: 5EXPL: 0CVE-2007-5505
https://notcve.org/view.php?id=CVE-2007-5505
17 Oct 2007 — Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote attack vectors, related to (1) the Export component (DB02), (2) Oracle Text (DB04), (3) Oracle Text (DB05), (4) Spatial component (DB07), and (5) Advanced Security Option (DB19). Múltiples vulnerabilidades sin especificar en las Bases de Datos de Oracle 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5 y 10.2.0.3 tienen un impacto desconocido y vectores de ataque remotos, relacion... • http://marc.info/?l=bugtraq&m=119332677525918&w=2 •
CVSS: 10.0EPSS: 5%CPEs: 2EXPL: 0CVE-2007-5530
https://notcve.org/view.php?id=CVE-2007-5530
17 Oct 2007 — Unspecified vulnerability in the Database Control component in Oracle Database 10.1.0.5 and 10.2.0.3, and Enterprise Manager, has unknown impact and remote attack vectors, aka EM01. Vulnerabilidad no especificada en el componente Database Control para Oracle Database 10.1.0.5 y 10.2.0.3, y Enterprise Manager, tiene impacto y vectores de ataque remotos desconocidos, también conocido como EM01. • http://marc.info/?l=bugtraq&m=119332677525918&w=2 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-5514
https://notcve.org/view.php?id=CVE-2007-5514
17 Oct 2007 — Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and attack vectors related to (1) Database Vault component (DB24) and (2) SQL Execution component (DB26). Múltiples vulnerabilidades sin especificar en las Bases de Datos Oracle 10.2.0.3 tienen un impacto desconocido y vectores de ataque relacionados con (1) el componente Database Vault (DB24) y (2) el componente SQL Execution (DB26). • http://marc.info/?l=bugtraq&m=119332677525918&w=2 •
CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 0CVE-2007-5531
https://notcve.org/view.php?id=CVE-2007-5531
17 Oct 2007 — Unspecified vulnerability in Oracle Help for Web, as used in Oracle Application Server, Oracle Database 10.2.0.3, and Enterprise Manager 10.1.0.6, has unknown impact and remote attack vectors, aka EM02. Vulnerabilidad no especificada en Oracle Help para Web, tal y como se usa en Oracle Application Server, Oracle Database 10.2.0.3, y Enterprise Manager 10.1.0.6, tiene un impacto desconocido y vectores de ataque remotos, también conocido como EM02. • http://marc.info/?l=bugtraq&m=119332677525918&w=2 •
CVSS: 7.8EPSS: 2%CPEs: 5EXPL: 0CVE-2007-5506
https://notcve.org/view.php?id=CVE-2007-5506
17 Oct 2007 — The Core RDBMS component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote attackers to cause a denial of service (CPU consumption) via a crafted type 6 Data packet, aka DB20. El núcleo del componente RDBMS en Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, y 10.2.0.3 permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) mediante un paquete de datos tipo 6 manipulado artesanalmente, también conocido como DB20. • http://marc.info/?l=bugtraq&m=119332677525918&w=2 • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 94%CPEs: 5EXPL: 2CVE-2007-3855 – Oracle 9i/10g - Evil Views Change Passwords
https://notcve.org/view.php?id=CVE-2007-3855
18 Jul 2007 — Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to have an unknown impact via (1) SYS.DBMS_DRS in the DataGuard component (DB03), (2) SYS.DBMS_STANDARD in the PL/SQL component (DB10), (3) MDSYS.RTREE_IDX in the Spatial component (DB16), and (4) SQL Compiler (DB17). NOTE: a reliable researcher claims that DB17 is for using Views to perform unauthorized insert, update, or delete actions. Multiples vulnerabilidades n... • https://www.exploit-db.com/exploits/4203 •