CVSS: 1.7EPSS: 0%CPEs: 5EXPL: 0CVE-2007-0287
https://notcve.org/view.php?id=CVE-2007-0287
Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2.0.0, and 10.1.2.0.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has unknown impact and attack vectors related to Containers for J2EE, aka OC4J08. Vulnerabilidad no especificada en Oracle Application Server 9.0.4.3, 10.1.2.0.0, y 10.1.2.0.2; y Collaboration Suite 9.0.4.2 y 10.1.2; tienen impacto y vectores de ataque desconocidos relacionados con los Contenedores para J2EE, también conocido como OC4J08. • http://osvdb.org/32902 http://secunia.com/advisories/23794 http://securitytracker.com/id?1017522 http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html http://www.securityfocus.com/bid/22083 http://www.us-cert.gov/cas/techalerts/TA07-017A.html https://exchange.xforce.ibmcloud.com/vulnerabilities/31541 •
CVSS: 3.5EPSS: 0%CPEs: 8EXPL: 0CVE-2007-0275 – Oracle HTTP Server Header Cross Site Scripting
https://notcve.org/view.php?id=CVE-2007-0275
Cross-site scripting (XSS) vulnerability in Oracle Reports Web Cartridge (RWCGI60) in the Workflow Cartridge component, as used in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 10.1.2; and Oracle E-Business Suite and Applications 11.5.10CU2; allows remote authenticated users to inject arbitrary HTML or web script via the genuser parameter to rwcgi60, aka OWF01. Vulnerabilidad de tipo cross-site-scripting (XSS) en Oracle Reports Web Cartridge (RWCGI60) en el componente Workflow Cartridge, tal como es usado en Oracle Database versiones 9.2.0.8, 10.1.0.5 y 10.2.0.3; Application Server versiones 9.0.4.3, 10.1.2.0.2 y 10.1.2.2; Collaboration Suite versión 10.1.2; y Oracle E-Business Suite and Applications versión 11.5.10CU2; permite a los usuarios autenticados remotos inyectar script web o HTML arbitrario por medio del parámetro genuser en rwcgi60, también se conoce como OWF01. Oracle HTTP Server for Oracle Application Server 10g version 10.1.2.0.2 suffers from a cross site scripting vulnerability. • http://osvdb.org/32906 http://secunia.com/advisories/23794 http://securitytracker.com/id?1017522 http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html http://www.securityfocus.com/archive/1/457193/100/0/threaded http://www.securityfocus.com/bid/22083 http://www.us-cert.gov/cas/techalerts/TA07-017A.html https://exchange.xforce.ibmcloud.com/vulnerabilities/31541 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2007-0285
https://notcve.org/view.php?id=CVE-2007-0285
Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 9.0.4.2 and 10.1.2; and E-Business Suite and Applications 11.5.10CU2 has unknown impact and attack vectors related to Oracle Reports Developer, aka REP01. Vulnerabilidad no especificada en Oracle Application Server 9.0.4.3, 10.1.2.0.2, y 10.1.2.2; Collaboration Suite 9.0.4.2 y 10.1.2; y E-Business Suite and Applications 11.5.10CU2 tienen impacto y vectores de ataque desconocidos relacionados con el Desarrollador de Informes Oracle (Oracle Reports Developer), también conocido como REP01. • http://osvdb.org/32894 http://secunia.com/advisories/23794 http://securitytracker.com/id?1017522 http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html http://www.securityfocus.com/bid/22083 http://www.us-cert.gov/cas/techalerts/TA07-017A.html https://exchange.xforce.ibmcloud.com/vulnerabilities/31541 •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2007-0280
https://notcve.org/view.php?id=CVE-2007-0280
Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.2, and 10.1.2.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN01. NOTE: as of 20070123, Oracle has not disputed claims by a reliable researcher that OPMN01 is for a buffer overflow in Oracle Notification Service (ONS). Vulnerabilidad no especificada en Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.2, y 10.1.2.2; y Collaboration Suite 9.0.4.2 y 10.1.2; tiene impacto y vectores de ataque desconocidos relacionados con el componente de notificación y manejo de procesos de Oracle (Oracle Process Mgmt & Notification component), también conocido como OPMN01. NOTA: a partir de 23/01/2007, Oracle no ha cuestionado las afirmaciones de un investigador fiable de que OPMN01 es por un desbordamiento de búfer en el Oracle Notification Service (ONS). • http://osvdb.org/32905 http://secunia.com/advisories/23794 http://securitytracker.com/id?1017522 http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html http://www.red-database-security.com/advisory/oracle_buffer_overflow_ons.html http://www.securityfocus.com/bid/22083 http://www.us-cert.gov/cas/techalerts/TA07-017A.html https://exchange.xforce.ibmcloud.com/vulnerabilities/31541 •
CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2007-0281
https://notcve.org/view.php?id=CVE-2007-0281
Multiple unspecified vulnerabilities in Oracle HTTP Server 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.1, 10.1.2.0.2, 10.1.2.1, and 10.1.3.0; and Collaboration Suite 9.0.4.2 and 10.1.2; have unknown impact and attack vectors related to the Oracle HTTP Server, aka (1) OHS03 and (2) OHS04. Múltiples vulnerabilidades no especificadas en Oracle HTTP Server 9.0.1.5, 9.2.0.8, 10.1.0.5, y 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.1, 10.1.2.0.2, 10.1.2.1, y 10.1.3.0; y Collaboration Suite 9.0.4.2 y 10.1.2; tienen impacto y vectores de ataque desconocidos relacionados con el servidor HTTP de Oracle, también conocidos como (1) OHS03 y (2) OHS04. • http://osvdb.org/32883 http://osvdb.org/32884 http://secunia.com/advisories/23794 http://securitytracker.com/id?1017522 http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html http://www.securityfocus.com/bid/22083 http://www.us-cert.gov/cas/techalerts/TA07-017A.html https://exchange.xforce.ibmcloud.com/vulnerabilities/31541 •