CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2007-5530
https://notcve.org/view.php?id=CVE-2007-5530
Unspecified vulnerability in the Database Control component in Oracle Database 10.1.0.5 and 10.2.0.3, and Enterprise Manager, has unknown impact and remote attack vectors, aka EM01. Vulnerabilidad no especificada en el componente Database Control para Oracle Database 10.1.0.5 y 10.2.0.3, y Enterprise Manager, tiene impacto y vectores de ataque remotos desconocidos, también conocido como EM01. • http://marc.info/?l=bugtraq&m=119332677525918&w=2 http://secunia.com/advisories/27251 http://secunia.com/advisories/27409 http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html http://www.securitytracker.com/id?1018823 http://www.us-cert.gov/cas/techalerts/TA07-290A.html http://www.vupen.com/english/advisories/2007/3524 http://www.vupen.com/english/advisories/2007/3626 •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2007-5508 – Oracle 10g - 'CTX_DOC.MARKUP' SQL Injection
https://notcve.org/view.php?id=CVE-2007-5508
Multiple SQL injection vulnerabilities in the CTXSYS Intermedia application for the Oracle Text component (CTX_DOC) in Oracle Database 10.1.0.5 and 10.2.0.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) THEMES, (2) GIST, (3) TOKENS, (4) FILTER, (5) HIGHLIGHT, and (6) MARKUP procedures, aka DB03. NOTE: remote unauthenticated attack vectors exist when CTXSYS is used with oracle Application Server. Múltiples vulnerabilidades de inyección SQL en la aplicación CTXSYS Intermedia para el componente Oracle Text (CTX_DOC) en Oracle Database 10.1.0.5 y 10.2.0.3 permiten a usuarios remotos autenticados ejecutar comandos SQL de su elección mediante los procedimientos (1) THEMES, (2) GIST, (3) TOKENS, (4) FILTER, (5) HIGHLIGHT, and (6) MARKUP, también conocido como DB03. • https://www.exploit-db.com/exploits/4564 http://marc.info/?l=bugtraq&m=119332677525918&w=2 http://secunia.com/advisories/27251 http://secunia.com/advisories/27409 http://securityreason.com/securityalert/3242 http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-oracle-ctx-doc http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html http://www.securityfocus.com/archive/1/482425/100/0/threaded http://www.securityfocus.com/bid/26101 http://www.securitytracker&# • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2007-5505
https://notcve.org/view.php?id=CVE-2007-5505
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote attack vectors, related to (1) the Export component (DB02), (2) Oracle Text (DB04), (3) Oracle Text (DB05), (4) Spatial component (DB07), and (5) Advanced Security Option (DB19). Múltiples vulnerabilidades sin especificar en las Bases de Datos de Oracle 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5 y 10.2.0.3 tienen un impacto desconocido y vectores de ataque remotos, relacionado con (1) los componentes Export (DB02), (2) Oracle Text (DB04), (3) Oracle Text (DB05), (4) componente Spatial (DB07) y (5) Advanced Security Option (DB19). • http://marc.info/?l=bugtraq&m=119332677525918&w=2 http://secunia.com/advisories/27251 http://secunia.com/advisories/27409 http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html http://www.securitytracker.com/id?1018823 http://www.us-cert.gov/cas/techalerts/TA07-290A.html http://www.vupen.com/english/advisories/2007/3524 http://www.vupen.com/english/advisories/2007/3626 •
CVSS: 5.0EPSS: 1%CPEs: 3EXPL: 0CVE-2007-5513
https://notcve.org/view.php?id=CVE-2007-5513
The XML DB (XMLDB) component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 generates incorrect audit entries in the USERID column in which (1) long usernames are trimmed to 5 characters, or (2) short entries contain any extra characters from usernames in previous entries, aka DB23. El componente XML DB (XMLDB) de Oracle Database 9.2.0.8, 9.2.0.8DV, y 10.1.0.5 genera entradas de auditoría incorrectas en la columna USERID en la cual (1) nombres de usuario largo se recortan a 5 caracteres, o (2) entradas cortas contienen los caracteres extra de nombres de usuario en entradas previas, también conocida como DB23. • http://marc.info/?l=bugtraq&m=119332677525918&w=2 http://secunia.com/advisories/27251 http://secunia.com/advisories/27409 http://securityreason.com/securityalert/3247 http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-oracle-xmldb-ftp-service http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html http://www.securityfocus.com/archive/1/482426/100/0/threaded http://www.securityfocus.com/bid/26107 http://www.securitytracker.com/id?1018823 http://www.us- •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2007-5515
https://notcve.org/view.php?id=CVE-2007-5515
Unspecified vulnerability in the Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.2, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB27. Vulnerabilidad no especificada en el componente Spatial de Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.2, y 10.2.0.3 tiene impacto y vectores de ataque remotos desconocidos, también conocida como DB27. • http://marc.info/?l=bugtraq&m=119332677525918&w=2 http://secunia.com/advisories/27251 http://secunia.com/advisories/27409 http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html http://www.securitytracker.com/id?1018823 http://www.us-cert.gov/cas/techalerts/TA07-290A.html http://www.vupen.com/english/advisories/2007/3524 http://www.vupen.com/english/advisories/2007/3626 •