Page 12 of 122 results (0.009 seconds)

CVSS: 5.5EPSS: 1%CPEs: 38EXPL: 0

CVE-2007-3854

https://notcve.org/view.php?id=CVE-2007-3854

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 allow remote authenticated users to have unknown impact via (1) SYS.DBMS_PRVTAQIS in the Advanced Queuing component (DB02) and (2) MDSYS.MD in the Spatial component (DB12). NOTE: Oracle has not disputed reliable researcher claims that DB02 is for SQL injection and DB12 is for a buffer overflow. Múltiples vulnerabilidades no especificadas en Oracle Database versiones 9.0.1.5+, 9.2.0.7 y 10.1.0.5, permiten a usuarios autenticados remotoss tener un impacto desconocido por medio de (1) SYS.DBMS_PRVTAQIS en el componente Advanced Queuing (DB02) y (2) MDSYS.MD en el componente Spatial (DB12). NOTA: Oracle no ha cuestionado las afirmaciones de investigadores confiables de que DB02 es para una inyección SQL y DB12 para un desbordamiento de búfer. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00727143 http://secunia.com/advisories/26114 http://secunia.com/advisories/26166 http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_July_2007_Analysis.pdf http://www.oracle.com/technetwork/topics/security/cpujul2007-087014.html http://www.red-database-security.com/advisory/oracle_cpu_jul_2007.html http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_prvtaqis.html http://w •

CVSS: 6.5EPSS: 92%CPEs: 5EXPL: 2

CVE-2007-3855 – Oracle 9i/10g - Evil Views Change Passwords

https://notcve.org/view.php?id=CVE-2007-3855

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to have an unknown impact via (1) SYS.DBMS_DRS in the DataGuard component (DB03), (2) SYS.DBMS_STANDARD in the PL/SQL component (DB10), (3) MDSYS.RTREE_IDX in the Spatial component (DB16), and (4) SQL Compiler (DB17). NOTE: a reliable researcher claims that DB17 is for using Views to perform unauthorized insert, update, or delete actions. Multiples vulnerabilidades no especificadas en Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, y 10.2.0.3 permiten a atacantes remotos autenticados tener un impacto desconocido mediante (1) SYS.DBMS_DRS en el componente DataGuard (DB03), (2) SYS.DBMS_STANDARD en el componente PL/SQL (DB10), (3) MDSYS.RTREE_IDX en el componente Spatial (DB16), y (4) SQL Compiler (DB17). NOTA: Un investigador fiable indica que DB17 es para utilizar Vistas para realizar inserciones no autorizadas, actualizaciones, o acciones de borrado. • https://www.exploit-db.com/exploits/4203 https://www.exploit-db.com/exploits/30295 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00727143 http://rawlab.mindcreations.com/codes/exp/oracle/bunkerview.sql http://secunia.com/advisories/26114 http://secunia.com/advisories/26166 http://securityreason.com/securityalert/2903 http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_July_2007_Analysis.pdf http://www.oracle.com/technetwork/topics •

CVSS: 6.5EPSS: 3%CPEs: 6EXPL: 0

CVE-2007-3856

https://notcve.org/view.php?id=CVE-2007-3856

Unspecified vulnerability in the Oracle Data Mining component for Oracle Database 10g Release 2 10.2.0.2 and 10.2.0.3, 10g 10.1.0.5, and Oracle9i Database Release 2 9.2.0.7, 9.2.0.8, and 9.2.0.8DV has unknown impact and remote authenticated attack vectors related to DMSYS.DMP_SYS, aka DB04. Vulnerabilidad no especificada en el componente Oracle Data Mining para Oracle Database 10g Release 2 10.2.0.2 y 10.2.0.3, 10g 10.1.0.5, y Oracle9i Database Release 2 9.2.0.7, 9.2.0.8, y 9.2.0.8DV tiene un impacto desconocido y vectores autenticados de ataque remoto relacionado con DMSYS.DMP_SYS, también conocido como DB04. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00727143 http://secunia.com/advisories/26114 http://secunia.com/advisories/26166 http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_July_2007_Analysis.pdf http://www.oracle.com/technetwork/topics/security/cpujul2007-087014.html http://www.red-database-security.com/advisory/oracle_cpu_jul_2007.html http://www.securitytracker.com/id?1018415 http://www.us-cert.gov/cas/techalerts/TA07-200A •

CVSS: 10.0EPSS: 78%CPEs: 4EXPL: 1

CVE-2007-3336 – CA Advantage Ingres 2.6 - Multiple Buffer Overflow Vulnerabilities (PoC)

https://notcve.org/view.php?id=CVE-2007-3336

Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input. Múltiples vulnerabilidades "pointer overwrite" en Ingres database server 2006 versiones 9.0.4, r3, 2.6 y 2.5, tal como se usa en varios productos de CA (anteriormente Computer Associates), permiten a los atacantes remotos ejecutar código arbitrario mediante el envío de ciertos datos TCP en diferentes momentos hacia Ingres Communications Server Process (iigcc), que llama a las funciones (1) QUinsert o (2) QUremove con entrada controlada por el atacante. Computer Associates Advantage Ingres version 2.6 suffers from multiple denial of service vulnerabilities. • https://www.exploit-db.com/exploits/14646 http://archives.neohapsis.com/archives/bugtraq/2007-06/0302.html http://osvdb.org/37486 http://secunia.com/advisories/25756 http://secunia.com/advisories/25775 http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778 http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1 http://www.ngssoftware.com/advisories/critical-risk- •

CVSS: 2.1EPSS: 0%CPEs: 4EXPL: 0

CVE-2007-3337 – Computer Associates Advantage Ingres 2.6 Denial Of Service

https://notcve.org/view.php?id=CVE-2007-3337

wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allows local users to truncate arbitrary files via a symlink attack on the alarmwkp.def file. El inicio (wakeup) en la base de datos Ingres server 2006 9.0.4, r3, 2.6 y 2.5, tal y como se usa en los productos CA (Computer Associates), permite a usuarios locales truncar ficheros de su elección mediante un ataque symlink (de enlaces simbólicos) en el fichero alarmwkp.def. Computer Associates Advantage Ingres version 2.6 suffers from multiple denial of service vulnerabilities. • http://osvdb.org/37485 http://secunia.com/advisories/25756 http://secunia.com/advisories/25775 http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778 http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35451 http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-file-truncation http://www.securityfocus.com/archive/1/472200/100/0/threaded http://www.securityfocus.com/bid&#x •