CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2007-2126
https://notcve.org/view.php?id=CVE-2007-2126
Unspecified vulnerability in Oracle E-Business Suite 11.5.10CU2 has unknown impact and remote attack vectors in the (1) Common Applications (APPS01) and (2) iProcurement (APPS02). Vulnerabilidad no especificada en Oracle E-Business Suite 11.5.10CU2 tiene un impacto desconocido y vectores de ataque remotos en (1) Common Applications (APPS01) y (2) iProcurement (APPS02). • http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html http://www.securityfocus.com/archive/1/466329/100/200/threaded http://www.securityfocus.com/bid/23532 http://www.securitytracker.com/id?1017927 http://www.us-cert.gov/cas/techalerts/TA07-108A.html http://www.vupen.com/english/advisories/2007/1426 •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2007-2135 – Oracle E-Business Suite Arbitrary Document Download Vulnerability
https://notcve.org/view.php?id=CVE-2007-2135
The ADI_BINARY component in the Oracle E-Business Suite allows remote attackers to download arbitrary documents from the APPS.FND_DOCUMENTS table via the ADI_DISPLAY_REPORT function, when passed a certain parameter. NOTE: due to lack of details from Oracle, it is not clear whether this issue is related to other CVE identifiers such as CVE-2007-2126, CVE-2007-2127, or CVE-2007-2128. El componente ADI_BINARY en Oracle E-Business Suite permite a atacantes remotos descargar documentos desde la tabla APPS.FND_DOCUMENTS mediante la función ADI_DISPLAY_REPORT, al pasar cierto parámetro. NOTA: debido a la escasez de detalles aportados por Oracle, no está claro si este asunto está relacionado con otros identificadores CVE como CVE-2007-2126, CVE-2007-2127, o CVE-2007-2128. This vulnerability allows remote attackers to download any existing document in the APPS.FND_DOCUMENTS table on vulnerable installations of Oracle E-Business Suite. • http://osvdb.org/39959 http://securityreason.com/securityalert/2612 http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2007.html http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html http://www.securityfocus.com/archive/1/466215/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-07-017.html •
CVSS: 9.4EPSS: 1%CPEs: 1EXPL: 0CVE-2007-2170 – Oracle E-Business Suite Arbitrary Node Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2007-2170
The APPLSYS.FND_DM_NODES package in Oracle E-Business Suite does not check for valid sessions, which allows remote attackers to delete arbitrary nodes. NOTE: due to lack of details from Oracle, it is not clear whether this issue is related to other CVE identifiers such as CVE-2007-2126, CVE-2007-2127, or CVE-2007-2128. El paquete APPLSYS.FND_DM_NODES en Oracle E-Business Suite no comprueba la validez de las sesiones, lo cual permite a atacantes remotos borrar nodos de su elección. NOTA: debido a la escasez de detalles aportados por Oracle, no está claro si este asunto está relacionado con otros identificadores CVE como CVE-2007-2126, CVE-2007-2127, o CVE-2007-2128. This vulnerability allows remote attackers to delete any existing Document Management node on vulnerable installations of Oracle E-Business Suite. • http://osvdb.org/39958 http://securityreason.com/securityalert/2611 http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2007.html http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html http://www.securityfocus.com/archive/1/466214/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-07-016.html •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2007-0279
https://notcve.org/view.php?id=CVE-2007-0279
Multiple unspecified vulnerabilities in Oracle HTTP Server 9.2.0.8 and Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, aka (1) OHS01, (2) OHS02, (3) OHS05, (4) OHS06, and (5) OHS07. Múltiples vulnerabilidades no especificadas en Oracle HTTP Server 9.2.0.8 y Oracle E-Business Suite and Applications 11.5.10CU2 tienen impacto y vectores de ataque desconocidos, también conocidos como (1) OHS01, (2) OHS02, (3) OHS05, (4) OHS06, y (5) OHS07. • http://osvdb.org/32881 http://osvdb.org/32882 http://osvdb.org/32885 http://osvdb.org/32886 http://osvdb.org/32887 http://secunia.com/advisories/23794 http://securitytracker.com/id?1017522 http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html http://www.securityfocus.com/bid/22083 http://www.us-cert.gov/cas/techalerts/TA07-017A.html https://exchange.xforce.ibmcloud.com/vulnerabilities/31541 •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2007-0291
https://notcve.org/view.php?id=CVE-2007-0291
Unspecified vulnerability in Oracle E-Business Suite and Applications 6.2.3 has unknown impact and attack vectors related to Oracle Exchange, aka APPS02. Vulnerabilidad no especificada en Oracle E_Business Suite and Applications 6.2.3 tienen impacto y vectores de ataque desconocidos relacionados con Oracle Exchange, también conocido como APPS02. • http://osvdb.org/32889 http://secunia.com/advisories/23794 http://securitytracker.com/id?1017522 http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html http://www.securityfocus.com/bid/22083 http://www.us-cert.gov/cas/techalerts/TA07-017A.html https://exchange.xforce.ibmcloud.com/vulnerabilities/31541 •