CVSS: 7.5EPSS: 6%CPEs: 5EXPL: 0CVE-2007-5507
https://notcve.org/view.php?id=CVE-2007-5507
17 Oct 2007 — The GIOP service in TNS Listener in the Oracle Net Services component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote attackers to cause a denial of service (crash) or read potentially sensitive memory via a connect GIOP packet with an invalid data size, which triggers a buffer over-read, aka DB22. El servicio GIOP en TNS Listener del componente Oracle Net Services de Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, y 10.2.0.3 permite a atacantes remotos provocar... • http://marc.info/?l=bugtraq&m=119332677525918&w=2 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 6%CPEs: 38EXPL: 0CVE-2007-3854
https://notcve.org/view.php?id=CVE-2007-3854
18 Jul 2007 — Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 allow remote authenticated users to have unknown impact via (1) SYS.DBMS_PRVTAQIS in the Advanced Queuing component (DB02) and (2) MDSYS.MD in the Spatial component (DB12). NOTE: Oracle has not disputed reliable researcher claims that DB02 is for SQL injection and DB12 is for a buffer overflow. Múltiples vulnerabilidades no especificadas en Oracle Database versiones 9.0.1.5+, 9.2.0.7 y 10.1.0.5, permiten a usuarios auten... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00727143 •
CVSS: 8.8EPSS: 31%CPEs: 5EXPL: 2CVE-2007-3855 – Oracle 9i/10g - Evil Views Change Passwords
https://notcve.org/view.php?id=CVE-2007-3855
18 Jul 2007 — Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to have an unknown impact via (1) SYS.DBMS_DRS in the DataGuard component (DB03), (2) SYS.DBMS_STANDARD in the PL/SQL component (DB10), (3) MDSYS.RTREE_IDX in the Spatial component (DB16), and (4) SQL Compiler (DB17). NOTE: a reliable researcher claims that DB17 is for using Views to perform unauthorized insert, update, or delete actions. Multiples vulnerabilidades n... • https://www.exploit-db.com/exploits/4203 •
CVSS: 8.8EPSS: 32%CPEs: 5EXPL: 0CVE-2007-2108
https://notcve.org/view.php?id=CVE-2007-2108
18 Apr 2007 — Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 on Windows allows remote attackers to have an unknown impact, aka DB01. NOTE: as of 20070424, Oracle has not disputed reliable claims that this issue occurs because the NTLM SSPI AcceptSecurityContext function grants privileges based on the username provided even though all users are authenticated as Guest, which allows remote attackers to gain privileges. Una vulnerabilidad no especificada en e... • http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2007-2110
https://notcve.org/view.php?id=CVE-2007-2110
18 Apr 2007 — Unspecified vulnerability in the Core RDBMS component for Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.4 on Windows systems has unknown impact and attack vectors, aka DB03. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB03 occurs because RDBMS uses a NULL Discretionary Access Control List (DACL) for the Oracle process and certain shared memory sections, which allows local users to inject threads and execute arbitrary code via the OpenProcess, OpenThread, and SetThreadContext functions... • http://www.freelists.org/archives/oracle-l/12-2006/msg00004.html •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0CVE-2007-2111
https://notcve.org/view.php?id=CVE-2007-2111
18 Apr 2007 — SQL injection vulnerability in the SYS.DBMS_AQADM_SYS package in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 allows remote authenticated users to inject arbitrary SQL commands via unknown vectors, aka DB04. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB04 is actually for multiple vulnerabilities. Una vulnerabilidad de inyección SQL en el paquete SYS.DBMS_AQADM_SYS en Oracle Database versiones 9.0.1.5, 9.2.0.7 y 10.1.0.5 permite a los usuarios autenticados remotos inyectar comandos ... • http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 17%CPEs: 3EXPL: 0CVE-2007-2116
https://notcve.org/view.php?id=CVE-2007-2116
18 Apr 2007 — Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 has unknown impact and attack vectors, aka DB10. NOTE: as of 20070424, Oracle has not disputed claims that these are buffer overflows in kkzi.o for the SYS.DBMS_SNAP_INTERNAL package using the (1) SNAP_OWNER or (2) SNAP_NAME parameters. Vulnerabilidad no especificada en el componente Advanced Replication en Oracle Database 9.0.1.5+, 9.2.0.7 y 10.1.0.5 tiene impacto y vectores de ataque no espec... • http://www.appsecinc.com/resources/alerts/oracle/2007-07.shtml •
CVSS: 9.8EPSS: 3%CPEs: 2EXPL: 0CVE-2007-2118
https://notcve.org/view.php?id=CVE-2007-2118
18 Apr 2007 — Unspecified vulnerability in the Upgrade/Downgrade component of Oracle Database 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors, aka DB13. NOTE: as of 20070424, Oracle has not disputed reliable claims that this is a buffer overflow involving the "mig utility." Una vulnerabilidad no especificada en el componente de Upgrade/Downgrade de Oracle Database versiones 9.0.1.5 y 9.2.0.7, tienen un impacto desconocido y vectores de ataque, también se conoce como DB13. NOTA: a partir de 24-04-2007, Oracle no... • http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf •
CVSS: 8.8EPSS: 29%CPEs: 4EXPL: 0CVE-2007-0272
https://notcve.org/view.php?id=CVE-2007-0272
17 Jan 2007 — Multiple buffer overflows in MDSYS.MD in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) or execute arbitrary code via unspecified vectors involving certain public procedures, aka DB05. Múltiples desbordamientos de búfer en MDSYS.MD en Oracle Database versiones 8.1.7.4, 9.0.1.5, 9.2.0.7 y 10.1.0.4 permite a los usuarios autenticados remotos causar una denegación de servicio (bloqueo) o ejecutar código arbitrario por medio de vect... • http://osvdb.org/32911 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2007-0276
https://notcve.org/view.php?id=CVE-2007-0276
17 Jan 2007 — Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4 and 9.0.1.5 have unknown impact and attack vectors related to (1) Advanced Security Option and oklist or okdstry (DB10), (2) Oracle Net Services (DB13), and (3) Recovery Manager and oklist (DB16). Múltiples vulnerabilidades no especificadas en Oracle Database 8.1.7.4 y 9.0.1.5 tienen impacto y vectores de ataque desconocidos relacionados con (1) Advanced Security Option y oklist o okdstry (DB10), (2) Oracle Net Services (DB13), y (3) Recovery M... • http://osvdb.org/32916 •