CVE-2009-1020 – Oracle 9i/10g Database - Network Foundation Remote Overflow
https://notcve.org/view.php?id=CVE-2009-1020
Unspecified vulnerability in the Network Foundation component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
• https://www.exploit-db.com/exploits/33084
• http://osvdb.org/55897
• http://secunia.com/advisories/35776
• http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html
• http://www.securityfocus.com/bid/35684
• http://www.securitytracker.com/id?1022560
• http://www.vupen.com/english/advisories/2009/1900
• https://exchange.xforce.ibmcloud.com/vulnerabilities/51749
CVE-2009-1019 – Oracle 9i/10g Database - Remote Network Authentication
https://notcve.org/view.php?id=CVE-2009-1019
Unspecified vulnerability in the Network Authentication component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
• https://www.exploit-db.com/exploits/33081
• http://osvdb.org/55884
• http://secunia.com/advisories/35776
• http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html
• http://www.securityfocus.com/bid/35680
• http://www.securitytracker.com/id?1022560
• http://www.vupen.com/english/advisories/2009/1900
• https://exchange.xforce.ibmcloud.com/vulnerabilities/51748
CVE-2009-1970 – Oracle 9i/10g Database - TNS Command Remote Denial of Service
https://notcve.org/view.php?id=CVE-2009-1970
Unspecified vulnerability in the Listener component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2009-0991.
• https://www.exploit-db.com/exploits/33083
• http://osvdb.org/55891
• http://secunia.com/advisories/35776
• http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html
• http://www.securityfocus.com/bid/35683
• http://www.securitytracker.com/id?1022560
• http://www.vupen.com/english/advisories/2009/1900
• https://exchange.xforce.ibmcloud.com/vulnerabilities/51756
CVE-2009-0972
https://notcve.org/view.php?id=CVE-2009-0972
Unspecified vulnerability in the Workspace Manager component in Oracle Database 11.1.0.6, 11.1.0.7, 10.2.0.3, 10.2.0.4, 10.1.0.5, 9.2.0.8, and 9.2.0.8DV allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
• http://secunia.com/advisories/34693
• http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html
• http://www.securityfocus.com/bid/34461
• http://www.securitytracker.com/id?1022052
• http://www.us-cert.gov/cas/techalerts/TA09-105A.html
CVE-2008-6065 – Oracle Database Server 11.1 - 'CREATE ANY Directory' Privilege Escalation
https://notcve.org/view.php?id=CVE-2008-6065
Oracle Database Server 10.1, 10.2, and 11g grants directory WRITE permissions for arbitrary pathnames that are aliased in a CREATE OR REPLACE DIRECTORY statement, which allows remote authenticated users with CREATE ANY DIRECTORY privileges to gain SYSDBA privileges by aliasing the pathname of the password directory, and then overwriting the password file through UTL_FILE operations, a related issue to CVE-2006-7141.
• https://www.exploit-db.com/exploits/32475
• http://www.oracleforensics.com/wordpress/index.php/2008/10/10/create-any-directory-to-sysdba
• http://www.oracleforensics.com/wordpress/wp-content/uploads/2008/10/create-any-directory-to-sysdba.pdf
• http://www.securityfocus.com/archive/1/497286/100/0/threaded
• http://www.securityfocus.com/bid/31738
• https://exchange.xforce.ibmcloud.com/vulnerabilities/48814
• CWE-264: Permissions, Privileges, and Access Controls