CVE-2017-5611 – WordPress Core < 4.7.2 - Authenticated SQL Injection
https://notcve.org/view.php?id=CVE-2017-5611
SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name. Vulnerabilidad de inyección SQL en wp-includes/class-wp-query.php en WP_Query en WordPress en versiones anteriores a 4.7.2 permite a atacantes remotos ejecutar comandos SQL arbitrarios aprovechando la presencia de un plugin o tema afectado que no maneja correctamente un nombre de tipo de publicación manipulado. • http://www.debian.org/security/2017/dsa-3779 http://www.openwall.com/lists/oss-security/2017/01/28/5 http://www.securityfocus.com/bid/95816 http://www.securitytracker.com/id/1037731 https://codex.wordpress.org/Version_4.7.2 https://github.com/WordPress/WordPress/commit/85384297a60900004e27e417eac56d24267054cb https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release https://wpvulndb.com/vulnerabilities/8730 https://www.oracle.com/security-alerts/cpujan2021.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2016-5618
https://notcve.org/view.php?id=CVE-2016-5618
Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.2.0.0, 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentiality via vectors related to Code Generation Engine. Vulnerabilidad no especificada en el componente Oracle Data Integrator en Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.2.0.0, 12.1.3.0.0, 12.2.1.0.0 y 12.2.1.1.0 permite a usuarios remotos autenticados afectar la confidencialidad a través de vectores relacionados con Code Generation Engine. • http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.securityfocus.com/bid/93682 http://www.securitytracker.com/id/1037051 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-5602
https://notcve.org/view.php?id=CVE-2016-5602
Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentiality via vectors related to Code Generation Engine. Vulnerabilidad no especificada en el componente Oracle Data Integrator en Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.0.0 y 12.2.1.1.0 permite a usuarios remotos autenticados afectar la confidencialidad a través de vectores relacionados con Code Generation Engine. • http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.securityfocus.com/bid/93741 http://www.securitytracker.com/id/1037051 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •