CVE-2007-2130
https://notcve.org/view.php?id=CVE-2007-2130
Unspecified vulnerability in Workflow Cartridge, as used in Oracle Database Server 9.2.0.1, 10.1.0.2, and 10.2.0.1; Application Server 9.0.4.3 and 10.1.2.0.2; Collaboration Suite 10.1.2; and E-Business Suite; has unknown impact and remote authenticated attack vectors, aka OWF01. Vulnerabilidad no especificada en Workflow Cartridge, tal y como se usa en Oracle Database Server 9.2.0.1, 10.1.0.2, y 10.2.0.1; Application Server 9.0.4.3 y 10.1.2.0.2; Collaboration Suite 10.1.2; y E-Business Suite; tienen un impacto desconocido y vectores de ataque remotos autenticados, también conocido como OWF01. • http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html http://www.securityfocus.com/archive/1/466329/100/200/threaded http://www.securityfocus.com/bid/23532 http://www.securitytracker.com/id?1017927 http://www.us-cert.gov/cas/techalerts/TA07-108A.html http://www.vupen.com/english/advisories/2007/1426 •
CVE-2007-0278
https://notcve.org/view.php?id=CVE-2007-0278
Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) NLS Runtime and lmsgen (DB12), and (2) Oracle Text and ctxkbtc (DB14). Múltiples vulnerabilidades no especificadas en Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, y 10.1.0.5 tienen impacto y vectores de ataque desconocidos relacionados con (1) NLS Runtime y lmsgen (DB12), y (2) Oracle Text y ctxkbtc (DB14). • http://osvdb.org/32918 http://osvdb.org/32920 http://secunia.com/advisories/23794 http://securitytracker.com/id?1017522 http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html http://www.securityfocus.com/bid/22083 http://www.us-cert.gov/cas/techalerts/TA07-017A.html https://exchange.xforce.ibmcloud.com/vulnerabilities/31541 •
CVE-2007-0274
https://notcve.org/view.php?id=CVE-2007-0274
Multiple unspecified vulnerabilities in Oracle Database 9.2.0.7 and 10.1.0.5 have unknown impact and attack vectors related to (1) Export and sys.dbms_logrep_util (DB08), and (2) Oracle Streams and sys.dbms_capture_adm_internal privileges (DB09). NOTE: Oracle has not disputed reliable researcher claims that DB08 is for a buffer overflow in the GET_OBJECT_NAME procedure in the DBMS_LOGREP_UTIL package, and DB09 is for buffer overflows in the CREATE_CAPTURE, ALTER_CAPTURE, and ABORT_TABLE_INSTANTIATION procedures in SYS.DBMS_CAPTURE_ADM_INTERNAL. Múltiples vulnerabilidades no especificadas en Oracle Database 9.2.0.7 y 10.1.0.5 tienen un impacto desconocido y vectores de ataque relacionados con 1) Export y sys.dbms_logrep_util (DB08), y 2) Oracle Streams y privilegios sys.dbms_capture_adm_internal(DB09). NOTA: Oracle no ha cuestionado las afirmaciones de un investigador fiable de que DB08 es por un desbordamiento de búfer en el proceso GET_OBJECT_NAME en el paquete DBMS_LOGREP_UTIL, y DB09 es por desbordamientos de búfer en los procesos CREATE_CAPTURE, ALTER_CAPTURE, and ABORT_TABLE_INSTANTIATION en SYS.DBMS_CAPTURE_ADM_INTERNAL. • http://osvdb.org/32914 http://osvdb.org/32915 http://secunia.com/advisories/23794 http://securitytracker.com/id?1017522 http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html http://www.securityfocus.com/archive/1/458037/100/0/threaded http://www.securityfocus.com/archive/1/458041/100/0/threaded http://www.securityfocus.com/archive/1/458112/100/100/threaded http://www.securityfocus.com/archive/1/458126/100/0/threaded http://www.securityfocus.com/archive •
CVE-2007-0273
https://notcve.org/view.php?id=CVE-2007-0273
Unspecified vulnerability in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to XMLDB, aka DB06. NOTE: as of 20070123, Oracle has not disputed claims by a reliable researcher that DB06 is for multiple cross-site scripting (XSS) vulnerabilities. Vulnerabilidad no especificada en Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, y 10.2.0.3 tienen un impacto desconocido y vectores de ataque relacionados con XMLDB, también conocido como DBO6. NOTA: desde el 23/01/2007, Oracle no ha cuestionado las afirmaciones de un investigador fiable de que DB06 es por múltiples vulnerabilidades Cross-site scripting (XSS). • http://osvdb.org/32912 http://secunia.com/advisories/23794 http://securitytracker.com/id?1017522 http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html http://www.red-database-security.com/advisory/oracle_xmldb_css2.html http://www.securityfocus.com/bid/22083 http://www.us-cert.gov/cas/techalerts/TA07-017A.html https://exchange.xforce.ibmcloud.com/vulnerabilities/31541 •
CVE-2007-0270
https://notcve.org/view.php?id=CVE-2007-0270
Buffer overflow in SYS.DBMS_DRS in Oracle Database 9.2.0.7 and 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) or execute arbitrary code via the GET_PROPERTY function in SYS.DBMS_DRS, aka DB03. Un desbordamiento de búfer en SYS.DBMS_DRS en Oracle Database versiones 9.2.0.7 y 10.1.0.4, permite a los usuarios autenticados remotos causar una denegación de servicio (bloqueo) o ejecutar código arbitrario por medio de la función GET_PROPERTY en SYS.DBMS_DRS, también se conoce como DB03. • http://osvdb.org/32909 http://secunia.com/advisories/23794 http://securitytracker.com/id?1017522 http://www.appsecinc.com/resources/alerts/oracle/2007-04.shtml http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html http://www.securityfocus.com/archive/1/458036/100/0/threaded http://www.securityfocus.com/archive/1/474050/100/0/threaded http://www.securityfocus.com/bid/22083 http://www.us-cert.gov/cas/techalerts/TA07-017A.html https://exchange.xforce.ibmcloud • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •