CVSS: 5.5EPSS: 15%CPEs: 3EXPL: 0CVE-2008-3995 – Oracle DB SQL Injection Via SYS.DBMS_CDC_PUBLISH.ALTER_AUTOLOG_CHANGE_SOURCE
https://notcve.org/view.php?id=CVE-2008-3995
Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_CDC_PUBLISH. Una vulnerabilidad no especificada en el componente Change Data Capture de la base de datos Oracle 10.1.0.5, 10.2.0.4 y 11.1.0.6, permite a usuarios remotos autenticados afectar a la confidencialidad y la integridad, en relación con DBMS_CDC_PUBLISH. • http://secunia.com/advisories/32291 http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html http://www.securitytracker.com/id?1021050 http://www.vupen.com/english/advisories/2008/2825 https://exchange.xforce.ibmcloud.com/vulnerabilities/45899 •
CVSS: 5.5EPSS: 10%CPEs: 3EXPL: 0CVE-2008-3996 – Oracle DB SQL Injection Via SYS.DBMS_CDC_IPUBLISH.ALTER_HOTLOG_INTERNAL_CSOURCE
https://notcve.org/view.php?id=CVE-2008-3996
Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_CDC_IPUBLISH. Vulnerabilidad no especificada en el componente Change Data Capture de Oracle Database 10.1.0.5, 10.2.0.4 y 11.1.0.6 permite a usuarios remotamente autentificados afectar a la confidencialidad e integridad, relacionada con SYS.DBMS_CDC_IPUBLISH. • http://secunia.com/advisories/32291 http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html http://www.vupen.com/english/advisories/2008/2825 https://exchange.xforce.ibmcloud.com/vulnerabilities/45900 •
CVSS: 4.0EPSS: 0%CPEs: 4EXPL: 0CVE-2008-2625
https://notcve.org/view.php?id=CVE-2008-2625
Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the Oracle October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue involves an authentication bypass by establishing a TNS connection and impersonating a user session via a crafted authentication message during proxy authentication mode. Una vulnerabilidad no especificada en el componente Core RDBMS en Oracle Database versiones 9.2.0.8, 9.2.0.8DV, 10.1.0.5 y 10.2.0.2, permite a los atacantes remotos afectar a la confidencialidad y la integridad por medio de vectores desconocidos. NOTA: la información anterior fue obtenida de la CPU de octubre 2008 de Oracle. • http://secunia.com/advisories/32291 http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html http://www.securityfocus.com/archive/1/497539/100/0/threaded http://www.securitytracker.com/id?1021050 http://www.vupen.com/english/advisories/2008/2825 https://exchange.xforce.ibmcloud.com/vulnerabilities/45880 •
CVSS: 5.0EPSS: 76%CPEs: 3EXPL: 1CVE-2008-2595 – Oracle Internet Directory 10.1.4 - Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-2595
Unspecified vulnerability in the Oracle Internet Directory component in Oracle Application Server 9.0.4.3, 10.1.2.3, and 10.1.4.2 has unknown impact and remote attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a denial of service (crash) via a malformed LDAP request that triggers a NULL pointer dereference. Vulnerabilidad sin especificar en el Componente Internet Directory de Oracle Application Server 9.0.4.3, 10.1.2.3, y 10.1.4.2, tienen un impacto y vectores de ataque desconocidos. NOTA: la información previa se ha obtenido de Oraclew July 2008 CPU. Oracle no ha comentado al investigador oficial que puede tratarse de una denegación de servicio (caída) provocada por una petición LDAP mal formada que dispara una deferencia a un puntero NULL. • https://www.exploit-db.com/exploits/6101 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=725 http://secunia.com/advisories/31087 http://secunia.com/advisories/31113 http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html http://www.securitytracker.com/id?1020494 http://www.vupen.com/english/advisories/2008/2109/references http://www.vupen.com/english/advisories/2008/2115 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2008-1815
https://notcve.org/view.php?id=CVE-2008-1815
Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.3, and 11.1.0.6 has unknown impact and remote authenticated attack vectors related to DBMS_CDC_UTILITY, aka DB02. NOTE: the previous information was obtained from the April 2008 CPU. Oracle has not commented on reliable researcher claims that DB02 is for SQL injection in LOCK_CHANGE_SET. Una vulnerabilidad no especificada en el componente Change Data Capture de Oracle Database versiones 10.1.0.5, 10.2.0.3 y 11.1.0.6, presenta un impacto desconocido y vectores de ataque remotos autenticados relacionados con DBMS_CDC_UTILITY , también se conoce como DB02. NOTA: la información anterior fue obtenida de la CPU de abril de 2008. • http://secunia.com/advisories/29829 http://secunia.com/advisories/29874 http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html http://www.securityfocus.com/archive/1/491024/100/0/threaded http://www.securityfocus.com/archive/1/491522/30/390/threaded http://www.securitytracker.com/id?1019855 http://www.vupen.com/english/advisories/2008/1233/references http://www.vupen.com/english/advisories/2008/1267/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41858 ht •