CVSS: 5.5EPSS: 15%CPEs: 3EXPL: 0CVE-2008-3995 – Oracle DB SQL Injection Via SYS.DBMS_CDC_PUBLISH.ALTER_AUTOLOG_CHANGE_SOURCE
https://notcve.org/view.php?id=CVE-2008-3995
Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_CDC_PUBLISH. Una vulnerabilidad no especificada en el componente Change Data Capture de la base de datos Oracle 10.1.0.5, 10.2.0.4 y 11.1.0.6, permite a usuarios remotos autenticados afectar a la confidencialidad y la integridad, en relación con DBMS_CDC_PUBLISH. • http://secunia.com/advisories/32291 http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html http://www.securitytracker.com/id?1021050 http://www.vupen.com/english/advisories/2008/2825 https://exchange.xforce.ibmcloud.com/vulnerabilities/45899 •
CVSS: 5.5EPSS: 10%CPEs: 3EXPL: 0CVE-2008-3996 – Oracle DB SQL Injection Via SYS.DBMS_CDC_IPUBLISH.ALTER_HOTLOG_INTERNAL_CSOURCE
https://notcve.org/view.php?id=CVE-2008-3996
Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_CDC_IPUBLISH. Vulnerabilidad no especificada en el componente Change Data Capture de Oracle Database 10.1.0.5, 10.2.0.4 y 11.1.0.6 permite a usuarios remotamente autentificados afectar a la confidencialidad e integridad, relacionada con SYS.DBMS_CDC_IPUBLISH. • http://secunia.com/advisories/32291 http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html http://www.vupen.com/english/advisories/2008/2825 https://exchange.xforce.ibmcloud.com/vulnerabilities/45900 •
CVSS: 4.0EPSS: 0%CPEs: 4EXPL: 0CVE-2008-2625
https://notcve.org/view.php?id=CVE-2008-2625
Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the Oracle October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue involves an authentication bypass by establishing a TNS connection and impersonating a user session via a crafted authentication message during proxy authentication mode. Una vulnerabilidad no especificada en el componente Core RDBMS en Oracle Database versiones 9.2.0.8, 9.2.0.8DV, 10.1.0.5 y 10.2.0.2, permite a los atacantes remotos afectar a la confidencialidad y la integridad por medio de vectores desconocidos. NOTA: la información anterior fue obtenida de la CPU de octubre 2008 de Oracle. • http://secunia.com/advisories/32291 http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html http://www.securityfocus.com/archive/1/497539/100/0/threaded http://www.securitytracker.com/id?1021050 http://www.vupen.com/english/advisories/2008/2825 https://exchange.xforce.ibmcloud.com/vulnerabilities/45880 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2008-1815
https://notcve.org/view.php?id=CVE-2008-1815
Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.3, and 11.1.0.6 has unknown impact and remote authenticated attack vectors related to DBMS_CDC_UTILITY, aka DB02. NOTE: the previous information was obtained from the April 2008 CPU. Oracle has not commented on reliable researcher claims that DB02 is for SQL injection in LOCK_CHANGE_SET. Una vulnerabilidad no especificada en el componente Change Data Capture de Oracle Database versiones 10.1.0.5, 10.2.0.3 y 11.1.0.6, presenta un impacto desconocido y vectores de ataque remotos autenticados relacionados con DBMS_CDC_UTILITY , también se conoce como DB02. NOTA: la información anterior fue obtenida de la CPU de abril de 2008. • http://secunia.com/advisories/29829 http://secunia.com/advisories/29874 http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html http://www.securityfocus.com/archive/1/491024/100/0/threaded http://www.securityfocus.com/archive/1/491522/30/390/threaded http://www.securitytracker.com/id?1019855 http://www.vupen.com/english/advisories/2008/1233/references http://www.vupen.com/english/advisories/2008/1267/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41858 ht •
CVSS: 4.0EPSS: 1%CPEs: 4EXPL: 0CVE-2008-1820
https://notcve.org/view.php?id=CVE-2008-1820
Unspecified vulnerability in the Data Pump component in Oracle Database 9.2.0.8, 10.1.0.5, 10.2.0.3, and 11.1.0.6 has unknown impact and remote attack vectors related to KUPF$FILE_INT, aka DB11. NOTE: the previous information was obtained from the April 2008 CPU. Oracle has not commented on reliable researcher claims that DB11 is for a buffer overflow in the SYS.KUPF$FILE_INT.GET_FULL_FILENAME procedure. Una vulnerabilidad no especificada en el componente Data Pump en Oracle Database versiones 9.2.0.8, 10.1.0.5, 10.2.0.3 y 11.1.0.6, presenta un impacto desconocido y vectores de ataque remotos relacionados con KUPF$FILE_INT, también se conoce como DB11. NOTA: la información anterior fue obtenida de la CPU de abril de 2008. • http://secunia.com/advisories/29829 http://secunia.com/advisories/29874 http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html http://www.securityfocus.com/archive/1/491024/100/0/threaded http://www.securityfocus.com/archive/1/491524/30/390/threaded http://www.securitytracker.com/id?1019855 http://www.vupen.com/english/advisories/2008/1233/references http://www.vupen.com/english/advisories/2008/1267/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41858 ht •