CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2007-0278
https://notcve.org/view.php?id=CVE-2007-0278
Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) NLS Runtime and lmsgen (DB12), and (2) Oracle Text and ctxkbtc (DB14). Múltiples vulnerabilidades no especificadas en Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, y 10.1.0.5 tienen impacto y vectores de ataque desconocidos relacionados con (1) NLS Runtime y lmsgen (DB12), y (2) Oracle Text y ctxkbtc (DB14). • http://osvdb.org/32918 http://osvdb.org/32920 http://secunia.com/advisories/23794 http://securitytracker.com/id?1017522 http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html http://www.securityfocus.com/bid/22083 http://www.us-cert.gov/cas/techalerts/TA07-017A.html https://exchange.xforce.ibmcloud.com/vulnerabilities/31541 •
CVSS: 6.5EPSS: 1%CPEs: 2EXPL: 1CVE-2007-0274
https://notcve.org/view.php?id=CVE-2007-0274
Multiple unspecified vulnerabilities in Oracle Database 9.2.0.7 and 10.1.0.5 have unknown impact and attack vectors related to (1) Export and sys.dbms_logrep_util (DB08), and (2) Oracle Streams and sys.dbms_capture_adm_internal privileges (DB09). NOTE: Oracle has not disputed reliable researcher claims that DB08 is for a buffer overflow in the GET_OBJECT_NAME procedure in the DBMS_LOGREP_UTIL package, and DB09 is for buffer overflows in the CREATE_CAPTURE, ALTER_CAPTURE, and ABORT_TABLE_INSTANTIATION procedures in SYS.DBMS_CAPTURE_ADM_INTERNAL. Múltiples vulnerabilidades no especificadas en Oracle Database 9.2.0.7 y 10.1.0.5 tienen un impacto desconocido y vectores de ataque relacionados con 1) Export y sys.dbms_logrep_util (DB08), y 2) Oracle Streams y privilegios sys.dbms_capture_adm_internal(DB09). NOTA: Oracle no ha cuestionado las afirmaciones de un investigador fiable de que DB08 es por un desbordamiento de búfer en el proceso GET_OBJECT_NAME en el paquete DBMS_LOGREP_UTIL, y DB09 es por desbordamientos de búfer en los procesos CREATE_CAPTURE, ALTER_CAPTURE, and ABORT_TABLE_INSTANTIATION en SYS.DBMS_CAPTURE_ADM_INTERNAL. • http://osvdb.org/32914 http://osvdb.org/32915 http://secunia.com/advisories/23794 http://securitytracker.com/id?1017522 http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html http://www.securityfocus.com/archive/1/458037/100/0/threaded http://www.securityfocus.com/archive/1/458041/100/0/threaded http://www.securityfocus.com/archive/1/458112/100/100/threaded http://www.securityfocus.com/archive/1/458126/100/0/threaded http://www.securityfocus.com/archive&#x •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2007-0268
https://notcve.org/view.php?id=CVE-2007-0268
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) the Advanced Queuing component and sys.dbms_aqsys.dbms_aq privileges (DB01), (2) Advanced Replication and sys.dbms_repcat_untrusted (DB07), and (3) Oracle Text and ctxload (DB15). NOTE: Oracle has not publicly claims by reliable researchers that DB01 is for SQL injection in the SYS.DBMS_AQ_INV package, and DB07 is for a buffer overflow in the UNREGISTER_SNAPSHOT procedure in the DBMS_REPCAT_UNTRUSTED package. Múltiples vulnerabilidades no especificadas en Oracle Database versiones 9.0.1.5, 9.2.0.7 y 10.1.0.5 tienen vectores de impacto y ataque desconocidos relacionados con (1) el componente Advanced Queue Server y los privilegios sys.dbms_aqsys.dbms_aq (DB01), (2) Advanced Replication and sys.dbms_ repcat_untrusted (DB07) y (3) Oracle Text y ctxload (DB15). NOTA: Oracle no ha reclamado públicamente por investigadores confiables de que DB01 es para inyección SQL en el SYS. DBMS_AQ_INV y DB07 es para un desbordamiento de búfer en el procedimiento UNREGISTER_SNAPSHOT en el paquete DBMS_REPCAT_UNTRUSTED. • http://osvdb.org/32907 http://osvdb.org/32913 http://osvdb.org/32921 http://secunia.com/advisories/23794 http://securitytracker.com/id?1017522 http://www.kb.cert.org/vuls/id/221788 http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html http://www.securityfocus.com/archive/1/458005/100/0/threaded http://www.securityfocus.com/archive/1/458475/100/100/threaded http:/ •
CVSS: 3.5EPSS: 0%CPEs: 8EXPL: 0CVE-2007-0275 – Oracle HTTP Server Header Cross Site Scripting
https://notcve.org/view.php?id=CVE-2007-0275
Cross-site scripting (XSS) vulnerability in Oracle Reports Web Cartridge (RWCGI60) in the Workflow Cartridge component, as used in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 10.1.2; and Oracle E-Business Suite and Applications 11.5.10CU2; allows remote authenticated users to inject arbitrary HTML or web script via the genuser parameter to rwcgi60, aka OWF01. Vulnerabilidad de tipo cross-site-scripting (XSS) en Oracle Reports Web Cartridge (RWCGI60) en el componente Workflow Cartridge, tal como es usado en Oracle Database versiones 9.2.0.8, 10.1.0.5 y 10.2.0.3; Application Server versiones 9.0.4.3, 10.1.2.0.2 y 10.1.2.2; Collaboration Suite versión 10.1.2; y Oracle E-Business Suite and Applications versión 11.5.10CU2; permite a los usuarios autenticados remotos inyectar script web o HTML arbitrario por medio del parámetro genuser en rwcgi60, también se conoce como OWF01. Oracle HTTP Server for Oracle Application Server 10g version 10.1.2.0.2 suffers from a cross site scripting vulnerability. • http://osvdb.org/32906 http://secunia.com/advisories/23794 http://securitytracker.com/id?1017522 http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html http://www.securityfocus.com/archive/1/457193/100/0/threaded http://www.securityfocus.com/bid/22083 http://www.us-cert.gov/cas/techalerts/TA07-017A.html https://exchange.xforce.ibmcloud.com/vulnerabilities/31541 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 1%CPEs: 4EXPL: 0CVE-2006-5337
https://notcve.org/view.php?id=CVE-2006-5337
Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 has unknown impact and remote authenticated attack vectors, aka Vuln# DB09. Vulnerabilidad no especificada en el componente Core RDBMS en Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5 y 10.2.0.2 tiene impacto y vectores de ataque autenticado remoto desconocidos, también conocida como Vuln# DB09. • http://secunia.com/advisories/22396 http://securitytracker.com/id?1017077 http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html http://www.securityfocus.com/archive/1/449110/100/0/threaded http://www.securityfocus.com/archive/1/449711/100/0/threaded http://www.securityfocus.com/bid/20588 http://www.us-cert.gov/cas/techalerts/ •