Page 3 of 15 results (0.020 seconds)

CVSS: 10.0EPSS: 0%CPEs: 12EXPL: 0

Unspecified vulnerability in Oracle E-Business Suite and Applications 11.0 up to 11.5.10 has unknown impact and attack vectors, as identified by Oracle Vuln# APPS08 in HRMS. • http://secunia.com/advisories/17250 http://www.kb.cert.org/vuls/id/210524 http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html http://www.securityfocus.com/bid/15134 http://www.us-cert.gov/cas/techalerts/TA05-292A.html •

CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 0

Multiple SQL injection vulnerabilities in Oracle Applications 11.0 and Oracle E-Business Suite 11.5.1 through 11.5.8 allow remote attackers to execute arbitrary SQL procedures and queries. Múltiples vulnerabilidades de inyección de SQL en Oracle Applications 11.0 y Oracle E-Business Suite 11.5.1 a 11.5.8 permite a atacantes remotos ejecutar procedimientos y consultas SQL de su elección. • http://archives.neohapsis.com/archives/vulnwatch/2004-q2/0032.html http://marc.info/?l=bugtraq&m=108638417302229&w=2 http://otn.oracle.com/deploy/security/pdf/2004alert67.pdf http://www.ciac.org/ciac/bulletins/o-153.shtml http://www.integrigy.com/alerts/OraAppsSQLInjection.htm http://www.kb.cert.org/vuls/id/961579 http://www.securityfocus.com/bid/10465 http://www.us-cert.gov/cas/techalerts/TA04-160A.html https://exchange.xforce.ibmcloud.com/vulnerabilities/16324 •

CVSS: 10.0EPSS: 14%CPEs: 5EXPL: 0

Heap-based buffer overflow in Oracle 9i Application Server Web Cache 9.0.4.0.0, 9.0.3.1.0, 9.0.2.3.0, and 9.0.0.4.0 allows remote attackers to execute arbitrary code via a long HTTP request method header to the Web Cache listener. NOTE: due to the vagueness of the Oracle advisory, it is not clear whether there are additional issues besides this overflow, although the advisory alludes to multiple "vulnerabilities." • http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0078.html http://marc.info/?l=bugtraq&m=107945649127635&w=2 http://marc.info/?l=bugtraq&m=108144419001770&w=2 http://otn.oracle.com/deploy/security/pdf/2004alert66.pdf http://secunia.com/advisories/11118 http://www.inaccessnetworks.com/ian/services/secadv01.txt http://www.kb.cert.org/vuls/id/413006 http://www.osvdb.org/4249 http://www.securityfocus.com/bid/9868 https://exchange.xforce.ibmcloud.com/vulnerabilities& •

CVSS: 5.0EPSS: 0%CPEs: 10EXPL: 0

The communications protocol for the Report Review Agent (RRA), aka FND File Server (FNDFS) program, in Oracle E-Business Suite 10.7, 11.0, and 11.5.1 to 11.5.8 allows remote attackers to bypass authentication and obtain sensitive information from the Oracle Applications Concurrent Manager by spoofing requests to the TNS Listener. • http://marc.info/?l=bugtraq&m=105012832418415&w=2 http://otn.oracle.com/deploy/security/pdf/2003alert53.pdf http://securitytracker.com/id?1006550 http://www.integrigy.com/alerts/FNDFS_Vulnerability.htm http://www.kb.cert.org/vuls/id/168873 http://www.securityfocus.com/bid/7325 https://exchange.xforce.ibmcloud.com/vulnerabilities/11768 •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 2

Oracle E-Business Suite Release 11i Applications Desktop Integrator (ADI) version 7.x includes a debug version of FNDPUB11I.DLL, which logs the APPS schema password in cleartext in a debug file, which allows local users to obtain the password and gain privileges. • http://archives.neohapsis.com/archives/bugtraq/2001-05/0044.html http://archives.neohapsis.com/archives/bugtraq/2001-05/0223.html http://www.securityfocus.com/bid/2694 https://exchange.xforce.ibmcloud.com/vulnerabilities/6501 •