CVSS: 9.0EPSS: 3%CPEs: 1EXPL: 0CVE-2010-3594 – Oracle Real User Experience Insight rsynclogdird SQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2010-3594
Unspecified vulnerability in the Real User Experience Insight component in Oracle Enterprise Manager Grid Control 6.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Processing. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that this is SQL injection in rsynclogdird involving improper escaping of UTF-8 characters while processing log files. Una vulnerabilidad no especificada en el componente Real User Experience Insight en Enterprise Manager Grid Control de Oracle versión 6.0, permite a los atacantes remotos afectar a la confidencialidad y la integridad por medio de vectores desconocidos relacionados con Processing. NOTA: la información anterior fue obtenida de la CPU de enero de 2011. • http://secunia.com/advisories/42973 http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html http://www.securityfocus.com/bid/45874 http://www.securitytracker.com/id?1024979 http://www.vupen.com/english/advisories/2011/0140 http://www.zerodayinitiative.com/advisories/ZDI-11-016 https://exchange.xforce.ibmcloud.com/vulnerabilities/64779 •
CVSS: 10.0EPSS: 97%CPEs: 3EXPL: 2CVE-2010-3600 – Oracle Database and Enterprise Manager Grid Control Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3600
Unspecified vulnerability in the Client System Analyzer component in Oracle Database Server 11.1.0.7 and 11.2.0.1 and Enterprise Manager Grid Control 10.2.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that this issue involves an exposed JSP script that accepts XML uploads in conjunction with NULL bytes in an unspecified parameter that allow execution of arbitrary code. Una vulnerabilidad no especificada en el componente Client System Analyzer en Database Server versiones 11.1.0.7 y 11.2.0.1 y Enterprise Manager Grid Control versión 10.2.0.5, de Oracle, permite a los atacantes remotos afectar la confidencialidad, integridad y disponibilidad por medio de vectores desconocidos. NOTA: la información anterior fue obtenida de la CPU de enero de 2011. • https://www.exploit-db.com/exploits/22714 https://github.com/LAITRUNGMINHDUC/CVE-2010-3600-PythonHackOracle11gR2 http://secunia.com/advisories/42895 http://secunia.com/advisories/42921 http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html http://www.securityfocus.com/bid/45883 http://www.securitytracker.com/id?1024972 http://www.vupen.com/english/advisories/2011/0139 http://www.vupen.com/english/advisories/2011/0140 http://www.zerodayinitiative.com/advisories/ZDI-11-018&# •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2010-2390
https://notcve.org/view.php?id=CVE-2010-2390
Unspecified vulnerability in the Database Control component in EM Console in Oracle Database Server 10.1.0.5 and 10.2.0.3, Oracle Fusion Middleware 10.1.2.3 and 10.1.4.3, and Enterprise Manager Grid Control allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Vulnerabilidad no especificada en el componente Database Control en EM Console en Oracle Database Server v10.1.0.5 y v10.2.0.3, Oracle Fusion Middleware v10.1.2.3 y v10.1.4.3 y Enterprise Manager Grid Control permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través de de vectores desconocidos. • http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html http://www.us-cert.gov/cas/techalerts/TA10-287A.html •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2010-2373
https://notcve.org/view.php?id=CVE-2010-2373
Unspecified vulnerability in the Console component in Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5 allows remote attackers to affect integrity via unknown vectors. Vulnerabilidad no especificada en el componente Console de Oracle Enterprise Manager Grid Control v10.1.0.6 y v10.2.0.5, permite a atacantes remotos afectar la integridad a través de vectores desconocidos. • http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2008-5447
https://notcve.org/view.php?id=CVE-2008-5447
Unspecified vulnerability in the Oracle Enterprise Manager component in Oracle Enterprise Manager 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. Vulnerabilidad sin especificar en el componente Oracle Enterprise Manager en Oracle Enterprise Manager 10.2.0.4, permite a usuarios autenticados remotamente comprometer la confidencialidad y la integridad a través de vectores desconocidos. • http://secunia.com/advisories/33525 http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html http://www.securityfocus.com/bid/33177 http://www.securitytracker.com/id?1021569 http://www.vupen.com/english/advisories/2009/0115 •