CVSS: 6.8EPSS: 7%CPEs: 6EXPL: 0CVE-2007-2119
https://notcve.org/view.php?id=CVE-2007-2119
18 Apr 2007 — Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in the Administration Front End for Oracle Enterprise (Ultra) Search, as used in Database Server 9.2.0.8, 10.1.0.5, and 10.2.0.2, and in Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to inject arbitrary HTML or web script via the EXPTYPE parameter, aka SES01. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en boundary_rules.jsp en el Administration Front End para Oracle Enterprise (Ultra) Search,... • http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html •
CVSS: 9.0EPSS: 1%CPEs: 7EXPL: 0CVE-2007-2130
https://notcve.org/view.php?id=CVE-2007-2130
18 Apr 2007 — Unspecified vulnerability in Workflow Cartridge, as used in Oracle Database Server 9.2.0.1, 10.1.0.2, and 10.2.0.1; Application Server 9.0.4.3 and 10.1.2.0.2; Collaboration Suite 10.1.2; and E-Business Suite; has unknown impact and remote authenticated attack vectors, aka OWF01. Vulnerabilidad no especificada en Workflow Cartridge, tal y como se usa en Oracle Database Server 9.2.0.1, 10.1.0.2, y 10.2.0.1; Application Server 9.0.4.3 y 10.1.2.0.2; Collaboration Suite 10.1.2; y E-Business Suite; tienen un impa... • http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf •
CVSS: 7.8EPSS: 37%CPEs: 3EXPL: 0CVE-2007-2120
https://notcve.org/view.php?id=CVE-2007-2120
18 Apr 2007 — The Oracle Discoverer servlet in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to shut down an Oracle TNS Listener via a TNS STOP command in a request that uses the database/TNS alias, aka AS01. El Servlet Discoverer de Oracle en Oracle Application Server versiones 9.0.4.3, 10.1.2.0.2 y 10.1.2.2.0 permite a los atacantes remotos cerrar un TNS listener de Oracle por medio de un comando TNS STOP de una petición que utiliza el alias database/TNS. también se conoce como A... • http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2007-2123
https://notcve.org/view.php?id=CVE-2007-2123
18 Apr 2007 — Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.3 up to 10.1.3.2.0, 10.1.2 up to 10.1.2.2.0, and 9.0.4.3 has unknown impact and attack vectors, aka AS04. Vulnerabilidad no especificada en el componente Portal en Oracle Application Server 10.1.3 hasta la 10.1.3.2.0, 10.1.2 hasta la 10.1.2.2.0, y 9.0.4.3 tiene un impacto desconocido y vectores de ataque, también conocido como AS04. • http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html •
CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 0CVE-2007-0281
https://notcve.org/view.php?id=CVE-2007-0281
17 Jan 2007 — Multiple unspecified vulnerabilities in Oracle HTTP Server 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.1, 10.1.2.0.2, 10.1.2.1, and 10.1.3.0; and Collaboration Suite 9.0.4.2 and 10.1.2; have unknown impact and attack vectors related to the Oracle HTTP Server, aka (1) OHS03 and (2) OHS04. Múltiples vulnerabilidades no especificadas en Oracle HTTP Server 9.0.1.5, 9.2.0.8, 10.1.0.5, y 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.1, 10.1.2.0.2, 10.1.2... • http://osvdb.org/32883 •
CVSS: 5.4EPSS: 0%CPEs: 8EXPL: 0CVE-2007-0275
https://notcve.org/view.php?id=CVE-2007-0275
17 Jan 2007 — Cross-site scripting (XSS) vulnerability in Oracle Reports Web Cartridge (RWCGI60) in the Workflow Cartridge component, as used in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 10.1.2; and Oracle E-Business Suite and Applications 11.5.10CU2; allows remote authenticated users to inject arbitrary HTML or web script via the genuser parameter to rwcgi60, aka OWF01. Vulnerabilidad de tipo cross-site-scripting (XSS) en Oracle Reports Web... • http://osvdb.org/32906 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 0CVE-2007-0285
https://notcve.org/view.php?id=CVE-2007-0285
17 Jan 2007 — Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 9.0.4.2 and 10.1.2; and E-Business Suite and Applications 11.5.10CU2 has unknown impact and attack vectors related to Oracle Reports Developer, aka REP01. Vulnerabilidad no especificada en Oracle Application Server 9.0.4.3, 10.1.2.0.2, y 10.1.2.2; Collaboration Suite 9.0.4.2 y 10.1.2; y E-Business Suite and Applications 11.5.10CU2 tienen impacto y vectores de ataque desconocidos relacionados con el ... • http://osvdb.org/32894 •
CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 0CVE-2007-0284
https://notcve.org/view.php?id=CVE-2007-0284
17 Jan 2007 — Multiple unspecified vulnerabilities in Oracle Application Server 9.0.4.3 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2, have unknown impact and attack vectors related to Oracle Containers for J2EE, aka (1) OC4J03 and (2) OC4J04. Múltiples vulnerabilidades no especificadas en Oracle Application Server 9.0.4.3 y 10.1.2.0.0, y Collaboration Suite 9.0.4.2, tienen impacto y vectores de ataque desconocidos relacionados con Contenedores de Oracle para J2EE, también conocidos como (1) OC4J03 y (2) OC4J04. • http://osvdb.org/32897 •
CVSS: 9.8EPSS: 2%CPEs: 6EXPL: 0CVE-2007-0280
https://notcve.org/view.php?id=CVE-2007-0280
17 Jan 2007 — Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.2, and 10.1.2.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN01. NOTE: as of 20070123, Oracle has not disputed claims by a reliable researcher that OPMN01 is for a buffer overflow in Oracle Notification Service (ONS). Vulnerabilidad no especificada en Oracle HTTP Server 9.0.1.5, Application Server ... • http://osvdb.org/32905 •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2007-0282
https://notcve.org/view.php?id=CVE-2007-0282
17 Jan 2007 — Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.2 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN02. Vulnerabilidad no especificada en Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.2 y 10.1.2.0.0, y Collaboration Suite 9.0.4.2 tienen impacto y vectores de ataque desconocidos relacionados con el componente de Administración y Notificación de Procesos Oracle (Ora... • http://secunia.com/advisories/23794 •