CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2007-2110
https://notcve.org/view.php?id=CVE-2007-2110
18 Apr 2007 — Unspecified vulnerability in the Core RDBMS component for Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.4 on Windows systems has unknown impact and attack vectors, aka DB03. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB03 occurs because RDBMS uses a NULL Discretionary Access Control List (DACL) for the Oracle process and certain shared memory sections, which allows local users to inject threads and execute arbitrary code via the OpenProcess, OpenThread, and SetThreadContext functions... • http://www.freelists.org/archives/oracle-l/12-2006/msg00004.html •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0CVE-2007-2111
https://notcve.org/view.php?id=CVE-2007-2111
18 Apr 2007 — SQL injection vulnerability in the SYS.DBMS_AQADM_SYS package in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 allows remote authenticated users to inject arbitrary SQL commands via unknown vectors, aka DB04. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB04 is actually for multiple vulnerabilities. Una vulnerabilidad de inyección SQL en el paquete SYS.DBMS_AQADM_SYS en Oracle Database versiones 9.0.1.5, 9.2.0.7 y 10.1.0.5 permite a los usuarios autenticados remotos inyectar comandos ... • http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 3%CPEs: 3EXPL: 0CVE-2007-2115
https://notcve.org/view.php?id=CVE-2007-2115
18 Apr 2007 — Unspecified vulnerability in the Change Data Capture (CDC) component in Oracle Database 9.2.0.7, 10.1.0.5, and 10.2.0.2 has unknown impact and attack vectors, aka DB09. NOTE: as of 20070424, oracle has not disputed reliable claims that this issue involves multiple SQL injection vulnerabilities in the DBMS_CDC_PUBLISH with remote authenticated vectors involving the "java classes in CDC.jar." Una vulnerabilidad no especificada en el componente de Change Data Capture (CDC) en Oracle Database versiones 9.2.0.7,... • http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf •
CVSS: 9.8EPSS: 17%CPEs: 3EXPL: 0CVE-2007-2116
https://notcve.org/view.php?id=CVE-2007-2116
18 Apr 2007 — Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 has unknown impact and attack vectors, aka DB10. NOTE: as of 20070424, Oracle has not disputed claims that these are buffer overflows in kkzi.o for the SYS.DBMS_SNAP_INTERNAL package using the (1) SNAP_OWNER or (2) SNAP_NAME parameters. Vulnerabilidad no especificada en el componente Advanced Replication en Oracle Database 9.0.1.5+, 9.2.0.7 y 10.1.0.5 tiene impacto y vectores de ataque no espec... • http://www.appsecinc.com/resources/alerts/oracle/2007-07.shtml •
CVSS: 6.8EPSS: 6%CPEs: 6EXPL: 0CVE-2007-2119
https://notcve.org/view.php?id=CVE-2007-2119
18 Apr 2007 — Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in the Administration Front End for Oracle Enterprise (Ultra) Search, as used in Database Server 9.2.0.8, 10.1.0.5, and 10.2.0.2, and in Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to inject arbitrary HTML or web script via the EXPTYPE parameter, aka SES01. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en boundary_rules.jsp en el Administration Front End para Oracle Enterprise (Ultra) Search,... • http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html •
CVSS: 9.0EPSS: 2%CPEs: 7EXPL: 0CVE-2007-2130
https://notcve.org/view.php?id=CVE-2007-2130
18 Apr 2007 — Unspecified vulnerability in Workflow Cartridge, as used in Oracle Database Server 9.2.0.1, 10.1.0.2, and 10.2.0.1; Application Server 9.0.4.3 and 10.1.2.0.2; Collaboration Suite 10.1.2; and E-Business Suite; has unknown impact and remote authenticated attack vectors, aka OWF01. Vulnerabilidad no especificada en Workflow Cartridge, tal y como se usa en Oracle Database Server 9.2.0.1, 10.1.0.2, y 10.2.0.1; Application Server 9.0.4.3 y 10.1.2.0.2; Collaboration Suite 10.1.2; y E-Business Suite; tienen un impa... • http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf •
CVSS: 8.8EPSS: 29%CPEs: 4EXPL: 0CVE-2007-0272
https://notcve.org/view.php?id=CVE-2007-0272
17 Jan 2007 — Multiple buffer overflows in MDSYS.MD in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) or execute arbitrary code via unspecified vectors involving certain public procedures, aka DB05. Múltiples desbordamientos de búfer en MDSYS.MD en Oracle Database versiones 8.1.7.4, 9.0.1.5, 9.2.0.7 y 10.1.0.4 permite a los usuarios autenticados remotos causar una denegación de servicio (bloqueo) o ejecutar código arbitrario por medio de vect... • http://osvdb.org/32911 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2007-0278
https://notcve.org/view.php?id=CVE-2007-0278
17 Jan 2007 — Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) NLS Runtime and lmsgen (DB12), and (2) Oracle Text and ctxkbtc (DB14). Múltiples vulnerabilidades no especificadas en Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, y 10.1.0.5 tienen impacto y vectores de ataque desconocidos relacionados con (1) NLS Runtime y lmsgen (DB12), y (2) Oracle Text y ctxkbtc (DB14). • http://osvdb.org/32918 •
CVSS: 9.8EPSS: 4%CPEs: 3EXPL: 1CVE-2007-0268
https://notcve.org/view.php?id=CVE-2007-0268
17 Jan 2007 — Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) the Advanced Queuing component and sys.dbms_aqsys.dbms_aq privileges (DB01), (2) Advanced Replication and sys.dbms_repcat_untrusted (DB07), and (3) Oracle Text and ctxload (DB15). NOTE: Oracle has not publicly claims by reliable researchers that DB01 is for SQL injection in the SYS.DBMS_AQ_INV package, and DB07 is for a buffer overflow in the UNREGISTER_SNAPSHOT proced... • http://osvdb.org/32907 •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2007-0269
https://notcve.org/view.php?id=CVE-2007-0269
17 Jan 2007 — Unspecified vulnerability in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to the Change Data Capture and sys.dbms_cdc_subscribe privileges, aka DB02. Vulnerabilidades no especificadas en Oracle Database 9.2.0.8, 10.1.0.5, y 10.2.0.3 tienen un impacto desconocido y vectores de ataque relacionados con el Change Data Capture y privilegios sys.dbms_cdc_subscribe, tabién conocido cómo DB02. • http://osvdb.org/32908 •