CVE-2011-0875
https://notcve.org/view.php?id=CVE-2011-0875
Unspecified vulnerability in the EMCTL component in Oracle Database Server 11.1.0.7 and Oracle Enterprise Manager Grid Control 10.1.0.6, 10.2.0.5, and 11.1.0.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. Vulnerabilidad no especificada en el componente EMCTL en Oracle Database Server v11.1.0.7 y Oracle Enterprise Manager Grid Control v10.1.0.6, v10.2.0.5, y 11.1.0.1 permite a usuarios autenticados de forma remota afectar la confidencialidad e integridad a través de vectores desconocidos. • http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html http://www.securityfocus.com/bid/48760 http://www.us-cert.gov/cas/techalerts/TA11-201A.html •
CVE-2011-0848
https://notcve.org/view.php?id=CVE-2011-0848
Unspecified vulnerability in the Security Framework component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to User Model. Vulnerabilidad no especificada en el componente Security Framework en Oracle Database Server v10.1.0.5, v10.2.0.3, v10.2.0.4, v10.2.0.5, v11.1.0.7, v11.2.0.1, y v11.2.0.2; y Oracle Enterprise Manager Grid Control v10.1.0.6 y v10.2.0.5; permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionado con User Model. • http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html http://www.us-cert.gov/cas/techalerts/TA11-201A.html •
CVE-2011-0816
https://notcve.org/view.php?id=CVE-2011-0816
Unspecified vulnerability in the CMDB Metadata & Instance APIs component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5; allows remote authenticated users to affect confidentiality and integrity via unknown vectors. Vulnerabilidad no especificada en el componente CMDB Metadata & Instance APIs en Oracle Database Server v10.1.0.5, v10.2.0.3, v10.2.0.4, v10.2.0.5, v11.1.0.7, v11.2.0.1, y v11.2.0.2; y Oracle Enterprise Manager Grid Control v10.1.0.6 y v10.2.0.5; permite a usuarios autenticados de forma remota afectar la confidencialidad e integridad a través de vectores desconocidos. • http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html http://www.us-cert.gov/cas/techalerts/TA11-201A.html •
CVE-2011-0870
https://notcve.org/view.php?id=CVE-2011-0870
Unspecified vulnerability in the Schema Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Vulnerabilidad no especificada en el componente Schema Management en Oracle Database Server v10.1.0.5, v10.2.0.3, v10.2.0.4, v10.2.0.5, v11.1.0.7, v11.2.0.1, v11.2.0.2, y Oracle Enterprise Manager Grid Control v10.1.0.6 y v10.2.0.5; permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través de vectores desconocidos. • http://security.gentoo.org/glsa/glsa-201406-32.xml http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html http://www.us-cert.gov/cas/techalerts/TA11-201A.html •
CVE-2010-3600 – Oracle Database and Enterprise Manager Grid Control Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3600
Unspecified vulnerability in the Client System Analyzer component in Oracle Database Server 11.1.0.7 and 11.2.0.1 and Enterprise Manager Grid Control 10.2.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that this issue involves an exposed JSP script that accepts XML uploads in conjunction with NULL bytes in an unspecified parameter that allow execution of arbitrary code. Una vulnerabilidad no especificada en el componente Client System Analyzer en Database Server versiones 11.1.0.7 y 11.2.0.1 y Enterprise Manager Grid Control versión 10.2.0.5, de Oracle, permite a los atacantes remotos afectar la confidencialidad, integridad y disponibilidad por medio de vectores desconocidos. NOTA: la información anterior fue obtenida de la CPU de enero de 2011. • https://www.exploit-db.com/exploits/22714 https://github.com/LAITRUNGMINHDUC/CVE-2010-3600-PythonHackOracle11gR2 http://secunia.com/advisories/42895 http://secunia.com/advisories/42921 http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html http://www.securityfocus.com/bid/45883 http://www.securitytracker.com/id?1024972 http://www.vupen.com/english/advisories/2011/0139 http://www.vupen.com/english/advisories/2011/0140 http://www.zerodayinitiative.com/advisories/ZDI-11-018 •