CVSS: 6.8EPSS: 2%CPEs: 3EXPL: 0CVE-2007-2115
https://notcve.org/view.php?id=CVE-2007-2115
Unspecified vulnerability in the Change Data Capture (CDC) component in Oracle Database 9.2.0.7, 10.1.0.5, and 10.2.0.2 has unknown impact and attack vectors, aka DB09. NOTE: as of 20070424, oracle has not disputed reliable claims that this issue involves multiple SQL injection vulnerabilities in the DBMS_CDC_PUBLISH with remote authenticated vectors involving the "java classes in CDC.jar." Una vulnerabilidad no especificada en el componente de Change Data Capture (CDC) en Oracle Database versiones 9.2.0.7, 10.1.0.5 y 10.2.0.2 tiene un impacto desconocido y vectores de ataque, también se conoce como DB09. NOTA: a partir de 24-04-2007, Oracle no ha cuestionado las afirmaciones confiables de que este problema implica múltiples vulnerabilidades de inyección SQL en el DBMS_CDC_PUBLISH con vectores autenticados remotos que involucran las "java classes in CDC.jar." • http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf http://www.ngssoftware.com/research/papers/NGSSoftware-OracleCPUAPR2007.pdf http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html http://www.securityfocus.com/archive/1/466329/100/200/threaded http://www.securityfocus.com/bid/23532 http://www.securityt •
CVSS: 9.0EPSS: 71%CPEs: 3EXPL: 0CVE-2007-2116
https://notcve.org/view.php?id=CVE-2007-2116
Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 has unknown impact and attack vectors, aka DB10. NOTE: as of 20070424, Oracle has not disputed claims that these are buffer overflows in kkzi.o for the SYS.DBMS_SNAP_INTERNAL package using the (1) SNAP_OWNER or (2) SNAP_NAME parameters. Vulnerabilidad no especificada en el componente Advanced Replication en Oracle Database 9.0.1.5+, 9.2.0.7 y 10.1.0.5 tiene impacto y vectores de ataque no especificados, también conocida como DB10. NOTA: a partir de 20070424, Oracle no ha disputado alegaciones sobre que estos son desbordamientos de buffer en kkzi.o para el paquete SYS.DBMS_SNAP_INTERNAL utilizando los parámetros (1) SNAP_OWNER or (2) SNAP_NAME. • http://www.appsecinc.com/resources/alerts/oracle/2007-07.shtml http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf http://www.ngssoftware.com/research/papers/NGSSoftware-OracleCPUAPR2007.pdf http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html http://www.securityfocus.com/archive/1/466173/100/0/threaded http://www.securityfocus.com/archive/1/466329/100/200/threaded&# •
CVSS: 6.8EPSS: 7%CPEs: 6EXPL: 0CVE-2007-2119
https://notcve.org/view.php?id=CVE-2007-2119
Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in the Administration Front End for Oracle Enterprise (Ultra) Search, as used in Database Server 9.2.0.8, 10.1.0.5, and 10.2.0.2, and in Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to inject arbitrary HTML or web script via the EXPTYPE parameter, aka SES01. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en boundary_rules.jsp en el Administration Front End para Oracle Enterprise (Ultra) Search, utilizado en Database Server 9.2.0.8, 10.1.0.5, y 10.2.0.2, y en Application Server 9.0.4.3, 10.1.2.0.2, y 10.1.2.2.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro EXTYPE, también conocido como SES01. • http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html http://www.red-database-security.com/advisory/oracle_css_ses.html http://www.securityfocus.com/archive/1/466156/100/0/threaded http://www.securityfocus.com/archive/1/466329/100/200/threaded http://www.securityfocus.com/bid/23532 http://www.securitytracker.com/id?1017927 http://www.us-cert.gov/cas/techalerts/TA07-108A.html http://www&# •
CVSS: 9.0EPSS: 1%CPEs: 7EXPL: 0CVE-2007-2130
https://notcve.org/view.php?id=CVE-2007-2130
Unspecified vulnerability in Workflow Cartridge, as used in Oracle Database Server 9.2.0.1, 10.1.0.2, and 10.2.0.1; Application Server 9.0.4.3 and 10.1.2.0.2; Collaboration Suite 10.1.2; and E-Business Suite; has unknown impact and remote authenticated attack vectors, aka OWF01. Vulnerabilidad no especificada en Workflow Cartridge, tal y como se usa en Oracle Database Server 9.2.0.1, 10.1.0.2, y 10.2.0.1; Application Server 9.0.4.3 y 10.1.2.0.2; Collaboration Suite 10.1.2; y E-Business Suite; tienen un impacto desconocido y vectores de ataque remotos autenticados, también conocido como OWF01. • http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html http://www.securityfocus.com/archive/1/466329/100/200/threaded http://www.securityfocus.com/bid/23532 http://www.securitytracker.com/id?1017927 http://www.us-cert.gov/cas/techalerts/TA07-108A.html http://www.vupen.com/english/advisories/2007/1426 •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2007-0273
https://notcve.org/view.php?id=CVE-2007-0273
Unspecified vulnerability in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to XMLDB, aka DB06. NOTE: as of 20070123, Oracle has not disputed claims by a reliable researcher that DB06 is for multiple cross-site scripting (XSS) vulnerabilities. Vulnerabilidad no especificada en Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, y 10.2.0.3 tienen un impacto desconocido y vectores de ataque relacionados con XMLDB, también conocido como DBO6. NOTA: desde el 23/01/2007, Oracle no ha cuestionado las afirmaciones de un investigador fiable de que DB06 es por múltiples vulnerabilidades Cross-site scripting (XSS). • http://osvdb.org/32912 http://secunia.com/advisories/23794 http://securitytracker.com/id?1017522 http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html http://www.red-database-security.com/advisory/oracle_xmldb_css2.html http://www.securityfocus.com/bid/22083 http://www.us-cert.gov/cas/techalerts/TA07-017A.html https://exchange.xforce.ibmcloud.com/vulnerabilities/31541 •