Page 7 of 76 results (0.029 seconds)

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) the Advanced Queuing component and sys.dbms_aqsys.dbms_aq privileges (DB01), (2) Advanced Replication and sys.dbms_repcat_untrusted (DB07), and (3) Oracle Text and ctxload (DB15). NOTE: Oracle has not publicly claims by reliable researchers that DB01 is for SQL injection in the SYS.DBMS_AQ_INV package, and DB07 is for a buffer overflow in the UNREGISTER_SNAPSHOT procedure in the DBMS_REPCAT_UNTRUSTED package. Múltiples vulnerabilidades no especificadas en Oracle Database versiones 9.0.1.5, 9.2.0.7 y 10.1.0.5 tienen vectores de impacto y ataque desconocidos relacionados con (1) el componente Advanced Queue Server y los privilegios sys.dbms_aqsys.dbms_aq (DB01), (2) Advanced Replication and sys.dbms_ repcat_untrusted (DB07) y (3) Oracle Text y ctxload (DB15). NOTA: Oracle no ha reclamado públicamente por investigadores confiables de que DB01 es para inyección SQL en el SYS. DBMS_AQ_INV y DB07 es para un desbordamiento de búfer en el procedimiento UNREGISTER_SNAPSHOT en el paquete DBMS_REPCAT_UNTRUSTED. • http://osvdb.org/32907 http://osvdb.org/32913 http://osvdb.org/32921 http://secunia.com/advisories/23794 http://securitytracker.com/id?1017522 http://www.kb.cert.org/vuls/id/221788 http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html http://www.securityfocus.com/archive/1/458005/100/0/threaded http://www.securityfocus.com/archive/1/458475/100/100/threaded http:/ •

CVSS: 6.5EPSS: 1%CPEs: 2EXPL: 0

Unspecified vulnerability in Oracle Database 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors related to the Log Miner component and sys.dbms_log_mnr privileges, aka DB04. NOTE: Oracle has not disputed a reliable researcher claim that this is a buffer overflow in the ADD_LOGFILE procedure for the SYS.DBMS_LOGMNR package that allows code execution. Vulnerabilidad no especificada en Oracle Database 9.0.1.5 y 9.2.0.7 tiene un impacto desconocido y vectores de ataque relacionados con el componente Log Miner y privilegios sys.dbms_log_mnr, también conocido como DB04. NOTA: Oracle no ha cuestionado las afirmaciones de un investigador fiable de que es un desbordamiento de búfer en el proceso ADD_LOGFILE en el paquete SYS.DBMS_LOGMNR que permite una ejecución de código. • http://osvdb.org/32910 http://secunia.com/advisories/23794 http://securitytracker.com/id?1017522 http://www.appsecinc.com/resources/alerts/oracle/2007-01.shtml http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html http://www.securityfocus.com/archive/1/458006/100/0/threaded http://www.securityfocus.com/archive/1/458475/100/100/threaded http://www.securityfocus.com/bid/22083 http://www.us-cert.gov/cas/techalerts/TA07-017A.html https://exchange.xforce.ibmclo •

CVSS: 9.0EPSS: 2%CPEs: 4EXPL: 0

Unspecified vulnerability in Oracle Spatial component in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unknown impact and remote authenticated attack vectors related to mdsys.sdo_geom, aka Vuln# DB11. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB11 is related to "length checking" in the RELATE function before MD2.RELATE is called. Vulnerabilidad no especificada en el componente Oracle Spatial en Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, y 10.1.0.4 tiene impacto y vectores de ataque remotos autenticados desconocidos relacionados con mdsys.sdo_geom, también conocido como Vuln# DB11. NOTA: a fecha del 23/10/2006, Oracle no ha negado los informes de terceras partes fiables de que DB11 está relacionada con la "comprobación de longitud" en la función RELATE antes de que se llame a MD2.RELATE. • http://secunia.com/advisories/22396 http://securitytracker.com/id?1017077 http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html http://www.securityfocus.com/archive/1/449110/100/0/threaded http://www.securityfocus.com/archive/1/449711/100/0/threaded http://www.securityfocus.com/bid/20588 http://www.us-cert.gov/cas/techalerts/ •

CVSS: 7.1EPSS: 2%CPEs: 3EXPL: 0

Unspecified vulnerability in Oracle Spatial component in Oracle Database 9.0.1.5, 9.2.0.6, and 10.1.0.3 has unknown impact and remote authenticated attack vectors related to mdsys.sdo_tune, aka Vuln# DB18. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB18 might be related to SQL injection in the EXTENT_OF function. Vulnerabilidad no especificada en el componente Oracle Spatial en Oracle Database 9.0.1.5, 9.2.0.6, y 10.1.0.3 tiene impacto y vectores de ataque remotos autenticados desconocidos relacionados con mdsys.sdo_tune, también conocido como Vuln# DB18. NOTA: a fecha del 23/10/2006, Oracle no ha negado los informes de terceras partes fiables de que DB18 podría estar relacionado con inyección SQL en la función EXTENT_OF. • http://secunia.com/advisories/22396 http://securitytracker.com/id?1017077 http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html http://www.securityfocus.com/archive/1/449110/100/0/threaded http://www.securityfocus.com/archive/1/449711/100/0/threaded http://www.securityfocus.com/bid/20588 http://www.us-cert.gov/cas/techalerts/ •

CVSS: 7.1EPSS: 1%CPEs: 3EXPL: 0

Unspecified vulnerability in Oracle Spatial component in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 has unknown impact and remote authenticated attack vectors related to mdsys.md2, aka Vuln# DB03. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB03 is related to one or more of (1) a buffer overflow in the (a) RELATE function or (2) SQL injection in the (b) TESSELATE_FIXED and (c) TESSELATE function. Vulnerabilidad no especificada en el componente Oracle Spatial en Oracle Database 9.0.1.5, 9.2.0.7, y 10.1.0.5 tiene impacto y vectores de ataque remotos autenticados desconocidos relacionado con mdsys.md2, también conocido como Vuln# DB03. NOTA: a fecha del 23/10/2006, Oracle no ha negado los informes de terceras partes fiables de queDB03 está relacionado con uno o más de (1) un desbordamiento de búfer en la función (a) RELATE o (2) inyección SQL en las funciones (b) RESSELATE_FIXED y (c) TESSELATE. • http://secunia.com/advisories/22396 http://securitytracker.com/id?1017077 http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html http://www.securityfocus.com/archive/1/449110/100/0/threaded http://www.securityfocus.com/archive/1/449711/100/0/threaded http://www.securityfocus.com/bid/20588 http://www.us-cert.gov/cas/techalerts/ •