CVE-2007-0280
https://notcve.org/view.php?id=CVE-2007-0280
Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.2, and 10.1.2.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN01. NOTE: as of 20070123, Oracle has not disputed claims by a reliable researcher that OPMN01 is for a buffer overflow in Oracle Notification Service (ONS). Vulnerabilidad no especificada en Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.2, y 10.1.2.2; y Collaboration Suite 9.0.4.2 y 10.1.2; tiene impacto y vectores de ataque desconocidos relacionados con el componente de notificación y manejo de procesos de Oracle (Oracle Process Mgmt & Notification component), también conocido como OPMN01. NOTA: a partir de 23/01/2007, Oracle no ha cuestionado las afirmaciones de un investigador fiable de que OPMN01 es por un desbordamiento de búfer en el Oracle Notification Service (ONS). • http://osvdb.org/32905 http://secunia.com/advisories/23794 http://securitytracker.com/id?1017522 http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html http://www.red-database-security.com/advisory/oracle_buffer_overflow_ons.html http://www.securityfocus.com/bid/22083 http://www.us-cert.gov/cas/techalerts/TA07-017A.html https://exchange.xforce.ibmcloud.com/vulnerabilities/31541 •
CVE-2007-0281
https://notcve.org/view.php?id=CVE-2007-0281
Multiple unspecified vulnerabilities in Oracle HTTP Server 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.1, 10.1.2.0.2, 10.1.2.1, and 10.1.3.0; and Collaboration Suite 9.0.4.2 and 10.1.2; have unknown impact and attack vectors related to the Oracle HTTP Server, aka (1) OHS03 and (2) OHS04. Múltiples vulnerabilidades no especificadas en Oracle HTTP Server 9.0.1.5, 9.2.0.8, 10.1.0.5, y 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.1, 10.1.2.0.2, 10.1.2.1, y 10.1.3.0; y Collaboration Suite 9.0.4.2 y 10.1.2; tienen impacto y vectores de ataque desconocidos relacionados con el servidor HTTP de Oracle, también conocidos como (1) OHS03 y (2) OHS04. • http://osvdb.org/32883 http://osvdb.org/32884 http://secunia.com/advisories/23794 http://securitytracker.com/id?1017522 http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html http://www.securityfocus.com/bid/22083 http://www.us-cert.gov/cas/techalerts/TA07-017A.html https://exchange.xforce.ibmcloud.com/vulnerabilities/31541 •
CVE-2006-0435
https://notcve.org/view.php?id=CVE-2006-0435
Unspecified vulnerability in Oracle PL/SQL (PLSQL), as used in Database Server DS 9.2.0.7 and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, E-Business Suite and Applications 11.5.10, and Collaboration Suite 10.1.1, 10.1.2.0, 10.1.2.1, and 9.0.4.2, allows attackers to bypass the PLSQLExclusion list and access excluded packages and procedures, aka Vuln# PLSQL01. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041898.html http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041899.html http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041742.html http://secunia.com/advisories/18621 http://secunia.com/advisories/19712 http://secunia.com/advisories/19859 http://securityreason.com/securityalert/402 http://securityreason.com/securityalert/403 http://securitytracker.com/id?1015544 http://securitytracker.com/id?10 •
CVE-2004-2115 – Oracle HTTP Server 8.1.7/9.0.1/9.2 - isqlplus Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2004-2115
Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request. • https://www.exploit-db.com/exploits/23593 http://marc.info/?l=bugtraq&m=107496560106967&w=2 http://www.securityfocus.com/bid/9484 https://exchange.xforce.ibmcloud.com/vulnerabilities/14930 •
CVE-2004-1877
https://notcve.org/view.php?id=CVE-2004-1877
The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and password. • http://marc.info/?l=bugtraq&m=108067040722235&w=2 http://www.securityfocus.com/bid/10009 https://exchange.xforce.ibmcloud.com/vulnerabilities/15676 •