Page 14 of 122 results (0.009 seconds)

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

SQL injection vulnerability in the SYS.DBMS_AQADM_SYS package in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 allows remote authenticated users to inject arbitrary SQL commands via unknown vectors, aka DB04. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB04 is actually for multiple vulnerabilities. Una vulnerabilidad de inyección SQL en el paquete SYS.DBMS_AQADM_SYS en Oracle Database versiones 9.0.1.5, 9.2.0.7 y 10.1.0.5 permite a los usuarios autenticados remotos inyectar comandos SQL arbitrarios por medio de vectores desconocidos, también se conoce como DB04. NOTA: a partir de 24-04-2007, Oracle no ha cuestionado afirmaciones confiables que DB04 es realmente para múltiples vulnerabilidades. • http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf http://www.ngssoftware.com/research/papers/NGSSoftware-OracleCPUAPR2007.pdf http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html http://www.securityfocus.com/archive/1/466329/100/200/threaded http://www.securityfocus.com/bid/23532 h • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.4EPSS: 0%CPEs: 4EXPL: 0

Unspecified vulnerability in the Core RDBMS component for Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.4 on Windows systems has unknown impact and attack vectors, aka DB03. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB03 occurs because RDBMS uses a NULL Discretionary Access Control List (DACL) for the Oracle process and certain shared memory sections, which allows local users to inject threads and execute arbitrary code via the OpenProcess, OpenThread, and SetThreadContext functions (DB03). Vulnerabilidad no especificada en el componente Core RDBMS para Oracle Database 9.0.1.5+, 9.2.0.7 y 10.1.0.4 sobre sistemas Windows tiene impacto y vectores de ataque no especificados, también conocida como DB03. NOTA: a partir de 20070424, Oracle no ha disputado alegaciones confiables sobre que DB03 ocurre debido a que RDBMS utiliza una NULL Discretionary Access Control List (DACL) para el proceso Oracle y determinadas secciones de memoria compartida, lo que permite a usuarios locales inyectar hilos y ejecutar código arbitrario a través de las funciones OpenProcess, OpenThread y SetThreadContext (DB03). • http://www.freelists.org/archives/oracle-l/12-2006/msg00004.html http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf http://www.ngssoftware.com/research/papers/NGSSoftware-OracleCPUAPR2007.pdf http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html http://www.securityfocus.com/archive/1/466329/100/200/threaded http://www.securityfocus.com/bid/23532 http://www.secu •

CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0

Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) NLS Runtime and lmsgen (DB12), and (2) Oracle Text and ctxkbtc (DB14). Múltiples vulnerabilidades no especificadas en Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, y 10.1.0.5 tienen impacto y vectores de ataque desconocidos relacionados con (1) NLS Runtime y lmsgen (DB12), y (2) Oracle Text y ctxkbtc (DB14). • http://osvdb.org/32918 http://osvdb.org/32920 http://secunia.com/advisories/23794 http://securitytracker.com/id?1017522 http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html http://www.securityfocus.com/bid/22083 http://www.us-cert.gov/cas/techalerts/TA07-017A.html https://exchange.xforce.ibmcloud.com/vulnerabilities/31541 •

CVSS: 6.5EPSS: 1%CPEs: 2EXPL: 1

Multiple unspecified vulnerabilities in Oracle Database 9.2.0.7 and 10.1.0.5 have unknown impact and attack vectors related to (1) Export and sys.dbms_logrep_util (DB08), and (2) Oracle Streams and sys.dbms_capture_adm_internal privileges (DB09). NOTE: Oracle has not disputed reliable researcher claims that DB08 is for a buffer overflow in the GET_OBJECT_NAME procedure in the DBMS_LOGREP_UTIL package, and DB09 is for buffer overflows in the CREATE_CAPTURE, ALTER_CAPTURE, and ABORT_TABLE_INSTANTIATION procedures in SYS.DBMS_CAPTURE_ADM_INTERNAL. Múltiples vulnerabilidades no especificadas en Oracle Database 9.2.0.7 y 10.1.0.5 tienen un impacto desconocido y vectores de ataque relacionados con 1) Export y sys.dbms_logrep_util (DB08), y 2) Oracle Streams y privilegios sys.dbms_capture_adm_internal(DB09). NOTA: Oracle no ha cuestionado las afirmaciones de un investigador fiable de que DB08 es por un desbordamiento de búfer en el proceso GET_OBJECT_NAME en el paquete DBMS_LOGREP_UTIL, y DB09 es por desbordamientos de búfer en los procesos CREATE_CAPTURE, ALTER_CAPTURE, and ABORT_TABLE_INSTANTIATION en SYS.DBMS_CAPTURE_ADM_INTERNAL. • http://osvdb.org/32914 http://osvdb.org/32915 http://secunia.com/advisories/23794 http://securitytracker.com/id?1017522 http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html http://www.securityfocus.com/archive/1/458037/100/0/threaded http://www.securityfocus.com/archive/1/458041/100/0/threaded http://www.securityfocus.com/archive/1/458112/100/100/threaded http://www.securityfocus.com/archive/1/458126/100/0/threaded http://www.securityfocus.com/archive&#x •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

Unspecified vulnerability in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to XMLDB, aka DB06. NOTE: as of 20070123, Oracle has not disputed claims by a reliable researcher that DB06 is for multiple cross-site scripting (XSS) vulnerabilities. Vulnerabilidad no especificada en Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, y 10.2.0.3 tienen un impacto desconocido y vectores de ataque relacionados con XMLDB, también conocido como DBO6. NOTA: desde el 23/01/2007, Oracle no ha cuestionado las afirmaciones de un investigador fiable de que DB06 es por múltiples vulnerabilidades Cross-site scripting (XSS). • http://osvdb.org/32912 http://secunia.com/advisories/23794 http://securitytracker.com/id?1017522 http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html http://www.red-database-security.com/advisory/oracle_xmldb_css2.html http://www.securityfocus.com/bid/22083 http://www.us-cert.gov/cas/techalerts/TA07-017A.html https://exchange.xforce.ibmcloud.com/vulnerabilities/31541 •