Page 13 of 122 results (0.012 seconds)

CVSS: 4.3EPSS: 89%CPEs: 1EXPL: 1

Unspecified vulnerability in the Secure Enterprise Search component in Oracle Database 10.1.8.3 allows remote attackers to affect integrity via unknown vectors. NOTE: the previous information was obtained from the July 2009 CPU. Oracle has not commented on claims from an established researcher that this is cross-site scripting (XSS) via the search_p_groups parameter in search/query/search. La vulnerabilidad no especificada en el componente Secure Enterprise Search en Database de Oracle versión 10.1.8.3, permite a los atacantes remotos afectar a la integridad por medio de vectores desconocidos. NOTA: la información anterior fue obtenida de la CPU de julio de 2009. • https://www.exploit-db.com/exploits/33082 http://archives.neohapsis.com/archives/bugtraq/2009-07/0110.html http://dsecrg.com/pages/vul/show.php?id=125 http://osvdb.org/55892 http://secunia.com/advisories/35776 http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html http://www.securityfocus.com/bid/35681 http://www.securitytracker.com/id?1022560 http://www.vupen.com/english/advisories/2009/1900 https://exchange.xforce.ibmcloud.com/vulnerabilities/51754 •

CVSS: 5.0EPSS: 6%CPEs: 5EXPL: 1

Unspecified vulnerability in the Listener component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2009-0991. Vulnerabilidad no especificada en el componente Listener en Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4 y 11.1.0.7 permite a atacantes remotos afectar la disponibilidad a través de vectores desconocidos, una vulnerabilidad diferente a CVE-2009-0991. • https://www.exploit-db.com/exploits/33083 http://osvdb.org/55891 http://secunia.com/advisories/35776 http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html http://www.securityfocus.com/bid/35683 http://www.securitytracker.com/id?1022560 http://www.vupen.com/english/advisories/2009/1900 https://exchange.xforce.ibmcloud.com/vulnerabilities/51756 •

CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0

Unspecified vulnerability in the Workspace Manager component in Oracle Database 11.1.0.6, 11.1.0.7, 10.2.0.3, 10.2.0.4, 10.1.0.5, 9.2.0.8, and 9.2.0.8DV allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. Vulnerabilidad no especificada en el componente Workspace Manager en Oracle Database v11.1.0.6, v11.1.0.7, v10.2.0.3, v10.2.0.4, v10.1.0.5, v9.2.0.8, y v9.2.0.8DV permite a usuarios remotos autenticados afectar a la confidencialidad, integridadad y disponibilidad mediante vectores desconocidos. • http://secunia.com/advisories/34693 http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html http://www.securityfocus.com/bid/34461 http://www.securitytracker.com/id?1022052 http://www.us-cert.gov/cas/techalerts/TA09-105A.html •

CVSS: 5.1EPSS: 2%CPEs: 3EXPL: 1

Oracle Database Server 10.1, 10.2, and 11g grants directory WRITE permissions for arbitrary pathnames that are aliased in a CREATE OR REPLACE DIRECTORY statement, which allows remote authenticated users with CREATE ANY DIRECTORY privileges to gain SYSDBA privileges by aliasing the pathname of the password directory, and then overwriting the password file through UTL_FILE operations, a related issue to CVE-2006-7141. Oracle Database Server v10.1, v10.2, y 11g concede permisos WRITE al directorio para rutas arbitrarias que están relacionadas con un estado CREATE OR REPLACE DIRECTORY, lo cual permite a usuarios autenticados con privilegios CREATE ANY DIRECTORY conseguir privilegios SYSDBA enlazando la ruta del directorio contraseña, y entonces sobre escribir el fichero contraseña a través de operaciones UTL_FILE, una cuestión relacionada con CVE-2006-7141. • https://www.exploit-db.com/exploits/32475 http://www.oracleforensics.com/wordpress/index.php/2008/10/10/create-any-directory-to-sysdba http://www.oracleforensics.com/wordpress/wp-content/uploads/2008/10/create-any-directory-to-sysdba.pdf http://www.securityfocus.com/archive/1/497286/100/0/threaded http://www.securityfocus.com/bid/31738 https://exchange.xforce.ibmcloud.com/vulnerabilities/48814 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.5EPSS: 88%CPEs: 6EXPL: 0

Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.6 has unknown impact and remote authenticated attack vectors related to SYS.DBMS_AQELM. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a buffer overflow that allows attackers to cause a denial of service (database corruption) and possibly execute arbitrary code via a long argument to an unspecified procedure. Una vulnerabilidad no especificada en el componente Advanced Queuing en Database de Oracle versiones 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4 y 11.1.0.6, presenta un impacto desconocido y vectores de ataque autenticados remotos relacionados con SYS.DBMS_AQELM. NOTA: la información anterior fue obtenida de la CPU de julio de 2008 de Oracle. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=726 http://secunia.com/advisories/31087 http://secunia.com/advisories/31113 http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html http://www.securitytracker.com/id?1020499 http://www.vupen.com/english/advisories/2008/2109/references http://www.vupen.com/english/advisories/2008/2115 •