CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2007-5530
https://notcve.org/view.php?id=CVE-2007-5530
Unspecified vulnerability in the Database Control component in Oracle Database 10.1.0.5 and 10.2.0.3, and Enterprise Manager, has unknown impact and remote attack vectors, aka EM01. Vulnerabilidad no especificada en el componente Database Control para Oracle Database 10.1.0.5 y 10.2.0.3, y Enterprise Manager, tiene impacto y vectores de ataque remotos desconocidos, también conocido como EM01. • http://marc.info/?l=bugtraq&m=119332677525918&w=2 http://secunia.com/advisories/27251 http://secunia.com/advisories/27409 http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html http://www.securitytracker.com/id?1018823 http://www.us-cert.gov/cas/techalerts/TA07-290A.html http://www.vupen.com/english/advisories/2007/3524 http://www.vupen.com/english/advisories/2007/3626 •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2007-5515
https://notcve.org/view.php?id=CVE-2007-5515
Unspecified vulnerability in the Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.2, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB27. Vulnerabilidad no especificada en el componente Spatial de Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.2, y 10.2.0.3 tiene impacto y vectores de ataque remotos desconocidos, también conocida como DB27. • http://marc.info/?l=bugtraq&m=119332677525918&w=2 http://secunia.com/advisories/27251 http://secunia.com/advisories/27409 http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html http://www.securitytracker.com/id?1018823 http://www.us-cert.gov/cas/techalerts/TA07-290A.html http://www.vupen.com/english/advisories/2007/3524 http://www.vupen.com/english/advisories/2007/3626 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2007-5512
https://notcve.org/view.php?id=CVE-2007-5512
Unspecified vulnerability in the Oracle Database Vault component in Oracle Database 9.2.0.8DV and 10.2.0.3 has unknown impact and remote attack vectors, aka DB21. Vulnerabilidad no especificada en en el componente Oracle Database Vault de Oracle Database 9.2.0.8DV y 10.2.0.3 tiene impacto y vectores de ataque remotos desconocidos, también conocida como DB21. • http://marc.info/?l=bugtraq&m=119332677525918&w=2 http://secunia.com/advisories/27251 http://secunia.com/advisories/27409 http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html http://www.securitytracker.com/id?1018823 http://www.us-cert.gov/cas/techalerts/TA07-290A.html http://www.vupen.com/english/advisories/2007/3524 http://www.vupen.com/english/advisories/2007/3626 •
CVSS: 6.4EPSS: 1%CPEs: 5EXPL: 0CVE-2007-5507
https://notcve.org/view.php?id=CVE-2007-5507
The GIOP service in TNS Listener in the Oracle Net Services component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote attackers to cause a denial of service (crash) or read potentially sensitive memory via a connect GIOP packet with an invalid data size, which triggers a buffer over-read, aka DB22. El servicio GIOP en TNS Listener del componente Oracle Net Services de Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, y 10.2.0.3 permite a atacantes remotos provocar una denegación de servicio (caída) o leer memoria potencialmente sensible mediante un paquete GIOP connect con un tamaño de datos inválido, lo cual dispara un desbordamiento de lectura de búfer, también conocida como DB22. • http://marc.info/?l=bugtraq&m=119332677525918&w=2 http://secunia.com/advisories/27251 http://secunia.com/advisories/27409 http://securityreason.com/securityalert/3250 http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-oracle-tns-listener http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html http://www.securityfocus.com/archive/1/482423/100/0/threaded http://www.securityfocus.com/bid/26103 http://www.securitytracker.com/id?1018823 http://www.us-cert. • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2007-5508 – Oracle 10g - 'CTX_DOC.MARKUP' SQL Injection
https://notcve.org/view.php?id=CVE-2007-5508
Multiple SQL injection vulnerabilities in the CTXSYS Intermedia application for the Oracle Text component (CTX_DOC) in Oracle Database 10.1.0.5 and 10.2.0.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) THEMES, (2) GIST, (3) TOKENS, (4) FILTER, (5) HIGHLIGHT, and (6) MARKUP procedures, aka DB03. NOTE: remote unauthenticated attack vectors exist when CTXSYS is used with oracle Application Server. Múltiples vulnerabilidades de inyección SQL en la aplicación CTXSYS Intermedia para el componente Oracle Text (CTX_DOC) en Oracle Database 10.1.0.5 y 10.2.0.3 permiten a usuarios remotos autenticados ejecutar comandos SQL de su elección mediante los procedimientos (1) THEMES, (2) GIST, (3) TOKENS, (4) FILTER, (5) HIGHLIGHT, and (6) MARKUP, también conocido como DB03. • https://www.exploit-db.com/exploits/4564 http://marc.info/?l=bugtraq&m=119332677525918&w=2 http://secunia.com/advisories/27251 http://secunia.com/advisories/27409 http://securityreason.com/securityalert/3242 http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-oracle-ctx-doc http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html http://www.securityfocus.com/archive/1/482425/100/0/threaded http://www.securityfocus.com/bid/26101 http://www.securitytracker&# • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •