CVSS: 6.8EPSS: 7%CPEs: 6EXPL: 0CVE-2007-2119
https://notcve.org/view.php?id=CVE-2007-2119
Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in the Administration Front End for Oracle Enterprise (Ultra) Search, as used in Database Server 9.2.0.8, 10.1.0.5, and 10.2.0.2, and in Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to inject arbitrary HTML or web script via the EXPTYPE parameter, aka SES01. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en boundary_rules.jsp en el Administration Front End para Oracle Enterprise (Ultra) Search, utilizado en Database Server 9.2.0.8, 10.1.0.5, y 10.2.0.2, y en Application Server 9.0.4.3, 10.1.2.0.2, y 10.1.2.2.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro EXTYPE, también conocido como SES01. • http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html http://www.red-database-security.com/advisory/oracle_css_ses.html http://www.securityfocus.com/archive/1/466156/100/0/threaded http://www.securityfocus.com/archive/1/466329/100/200/threaded http://www.securityfocus.com/bid/23532 http://www.securitytracker.com/id?1017927 http://www.us-cert.gov/cas/techalerts/TA07-108A.html http://www&# •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2007-0273
https://notcve.org/view.php?id=CVE-2007-0273
Unspecified vulnerability in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to XMLDB, aka DB06. NOTE: as of 20070123, Oracle has not disputed claims by a reliable researcher that DB06 is for multiple cross-site scripting (XSS) vulnerabilities. Vulnerabilidad no especificada en Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, y 10.2.0.3 tienen un impacto desconocido y vectores de ataque relacionados con XMLDB, también conocido como DBO6. NOTA: desde el 23/01/2007, Oracle no ha cuestionado las afirmaciones de un investigador fiable de que DB06 es por múltiples vulnerabilidades Cross-site scripting (XSS). • http://osvdb.org/32912 http://secunia.com/advisories/23794 http://securitytracker.com/id?1017522 http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html http://www.red-database-security.com/advisory/oracle_xmldb_css2.html http://www.securityfocus.com/bid/22083 http://www.us-cert.gov/cas/techalerts/TA07-017A.html https://exchange.xforce.ibmcloud.com/vulnerabilities/31541 •
CVSS: 3.5EPSS: 0%CPEs: 8EXPL: 0CVE-2007-0275 – Oracle HTTP Server Header Cross Site Scripting
https://notcve.org/view.php?id=CVE-2007-0275
Cross-site scripting (XSS) vulnerability in Oracle Reports Web Cartridge (RWCGI60) in the Workflow Cartridge component, as used in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 10.1.2; and Oracle E-Business Suite and Applications 11.5.10CU2; allows remote authenticated users to inject arbitrary HTML or web script via the genuser parameter to rwcgi60, aka OWF01. Vulnerabilidad de tipo cross-site-scripting (XSS) en Oracle Reports Web Cartridge (RWCGI60) en el componente Workflow Cartridge, tal como es usado en Oracle Database versiones 9.2.0.8, 10.1.0.5 y 10.2.0.3; Application Server versiones 9.0.4.3, 10.1.2.0.2 y 10.1.2.2; Collaboration Suite versión 10.1.2; y Oracle E-Business Suite and Applications versión 11.5.10CU2; permite a los usuarios autenticados remotos inyectar script web o HTML arbitrario por medio del parámetro genuser en rwcgi60, también se conoce como OWF01. Oracle HTTP Server for Oracle Application Server 10g version 10.1.2.0.2 suffers from a cross site scripting vulnerability. • http://osvdb.org/32906 http://secunia.com/advisories/23794 http://securitytracker.com/id?1017522 http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html http://www.securityfocus.com/archive/1/457193/100/0/threaded http://www.securityfocus.com/bid/22083 http://www.us-cert.gov/cas/techalerts/TA07-017A.html https://exchange.xforce.ibmcloud.com/vulnerabilities/31541 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2007-0269
https://notcve.org/view.php?id=CVE-2007-0269
Unspecified vulnerability in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to the Change Data Capture and sys.dbms_cdc_subscribe privileges, aka DB02. Vulnerabilidades no especificadas en Oracle Database 9.2.0.8, 10.1.0.5, y 10.2.0.3 tienen un impacto desconocido y vectores de ataque relacionados con el Change Data Capture y privilegios sys.dbms_cdc_subscribe, tabién conocido cómo DB02. • http://osvdb.org/32908 http://secunia.com/advisories/23794 http://securitytracker.com/id?1017522 http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html http://www.securityfocus.com/bid/22083 http://www.us-cert.gov/cas/techalerts/TA07-017A.html https://exchange.xforce.ibmcloud.com/vulnerabilities/31541 •
CVSS: 9.0EPSS: 2%CPEs: 3EXPL: 0CVE-2006-5341
https://notcve.org/view.php?id=CVE-2006-5341
Multiple unspecified vulnerabilities in XMLDB component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.2 have unknown impact and remote authenticated attack vectors, aka (1) Vuln# DB14 and (2) DB15 related to xdb.dbms_xdbz. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB14 is for SQL injection in the PITRIG_DROP and PITRIG_DROPMETADATA functions in XDB_PITRIG_PKG, and DB15 is for SQL injection in DISABLE_HIERARCHY_INTERNAL in DBMS_XDBZ. Múltiples vulnerabilidades no especificadas en el componente XMLDB en Oracle Database 9.2.0.8, 10.1.0.5 y 10.2.0.2 tiene impacto y vectores de ataque remoto autenticado remoto, también conocida como (1) Vuln# DB14 y (2) DB15 relacionado con xdb.dbms_xdbz. NOTA: a partir de 20061023, Oracle no ha disputado informes de terceras partes confiables sobre que DB14 es para inyección SQL en las funciones PITRIG_DROP y PITRIG_DROPMETADATA en XDB_PITRIG_PKG y DB15 es para inyección SQL en DISABLE_HIERARCHY_INTERNAL en DBMS_XDBZ. • http://secunia.com/advisories/22396 http://securitytracker.com/id?1017077 http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf http://www.kb.cert.org/vuls/id/318764 http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_xdbz0.html http://www.securityfocus.com/archive/1/449110/100/0/threaded http://www.securityfoc •