CVSS: 9.8EPSS: 50%CPEs: 3EXPL: 0CVE-2007-2116
https://notcve.org/view.php?id=CVE-2007-2116
18 Apr 2007 — Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 has unknown impact and attack vectors, aka DB10. NOTE: as of 20070424, Oracle has not disputed claims that these are buffer overflows in kkzi.o for the SYS.DBMS_SNAP_INTERNAL package using the (1) SNAP_OWNER or (2) SNAP_NAME parameters. Vulnerabilidad no especificada en el componente Advanced Replication en Oracle Database 9.0.1.5+, 9.2.0.7 y 10.1.0.5 tiene impacto y vectores de ataque no espec... • http://www.appsecinc.com/resources/alerts/oracle/2007-07.shtml •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0CVE-2007-2111
https://notcve.org/view.php?id=CVE-2007-2111
18 Apr 2007 — SQL injection vulnerability in the SYS.DBMS_AQADM_SYS package in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 allows remote authenticated users to inject arbitrary SQL commands via unknown vectors, aka DB04. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB04 is actually for multiple vulnerabilities. Una vulnerabilidad de inyección SQL en el paquete SYS.DBMS_AQADM_SYS en Oracle Database versiones 9.0.1.5, 9.2.0.7 y 10.1.0.5 permite a los usuarios autenticados remotos inyectar comandos ... • http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 2%CPEs: 3EXPL: 0CVE-2007-2115
https://notcve.org/view.php?id=CVE-2007-2115
18 Apr 2007 — Unspecified vulnerability in the Change Data Capture (CDC) component in Oracle Database 9.2.0.7, 10.1.0.5, and 10.2.0.2 has unknown impact and attack vectors, aka DB09. NOTE: as of 20070424, oracle has not disputed reliable claims that this issue involves multiple SQL injection vulnerabilities in the DBMS_CDC_PUBLISH with remote authenticated vectors involving the "java classes in CDC.jar." Una vulnerabilidad no especificada en el componente de Change Data Capture (CDC) en Oracle Database versiones 9.2.0.7,... • http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf •
CVSS: 8.8EPSS: 45%CPEs: 5EXPL: 0CVE-2007-2108
https://notcve.org/view.php?id=CVE-2007-2108
18 Apr 2007 — Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 on Windows allows remote attackers to have an unknown impact, aka DB01. NOTE: as of 20070424, Oracle has not disputed reliable claims that this issue occurs because the NTLM SSPI AcceptSecurityContext function grants privileges based on the username provided even though all users are authenticated as Guest, which allows remote attackers to gain privileges. Una vulnerabilidad no especificada en e... • http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2007-0269
https://notcve.org/view.php?id=CVE-2007-0269
17 Jan 2007 — Unspecified vulnerability in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to the Change Data Capture and sys.dbms_cdc_subscribe privileges, aka DB02. Vulnerabilidades no especificadas en Oracle Database 9.2.0.8, 10.1.0.5, y 10.2.0.3 tienen un impacto desconocido y vectores de ataque relacionados con el Change Data Capture y privilegios sys.dbms_cdc_subscribe, tabién conocido cómo DB02. • http://osvdb.org/32908 •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2007-0278
https://notcve.org/view.php?id=CVE-2007-0278
17 Jan 2007 — Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) NLS Runtime and lmsgen (DB12), and (2) Oracle Text and ctxkbtc (DB14). Múltiples vulnerabilidades no especificadas en Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, y 10.1.0.5 tienen impacto y vectores de ataque desconocidos relacionados con (1) NLS Runtime y lmsgen (DB12), y (2) Oracle Text y ctxkbtc (DB14). • http://osvdb.org/32918 •
CVSS: 8.8EPSS: 9%CPEs: 4EXPL: 0CVE-2007-0272
https://notcve.org/view.php?id=CVE-2007-0272
17 Jan 2007 — Multiple buffer overflows in MDSYS.MD in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) or execute arbitrary code via unspecified vectors involving certain public procedures, aka DB05. Múltiples desbordamientos de búfer en MDSYS.MD en Oracle Database versiones 8.1.7.4, 9.0.1.5, 9.2.0.7 y 10.1.0.4 permite a los usuarios autenticados remotos causar una denegación de servicio (bloqueo) o ejecutar código arbitrario por medio de vect... • http://osvdb.org/32911 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 35%CPEs: 2EXPL: 1CVE-2007-0274
https://notcve.org/view.php?id=CVE-2007-0274
17 Jan 2007 — Multiple unspecified vulnerabilities in Oracle Database 9.2.0.7 and 10.1.0.5 have unknown impact and attack vectors related to (1) Export and sys.dbms_logrep_util (DB08), and (2) Oracle Streams and sys.dbms_capture_adm_internal privileges (DB09). NOTE: Oracle has not disputed reliable researcher claims that DB08 is for a buffer overflow in the GET_OBJECT_NAME procedure in the DBMS_LOGREP_UTIL package, and DB09 is for buffer overflows in the CREATE_CAPTURE, ALTER_CAPTURE, and ABORT_TABLE_INSTANTIATION proced... • http://osvdb.org/32914 •
CVSS: 9.8EPSS: 7%CPEs: 3EXPL: 1CVE-2007-0268
https://notcve.org/view.php?id=CVE-2007-0268
17 Jan 2007 — Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) the Advanced Queuing component and sys.dbms_aqsys.dbms_aq privileges (DB01), (2) Advanced Replication and sys.dbms_repcat_untrusted (DB07), and (3) Oracle Text and ctxload (DB15). NOTE: Oracle has not publicly claims by reliable researchers that DB01 is for SQL injection in the SYS.DBMS_AQ_INV package, and DB07 is for a buffer overflow in the UNREGISTER_SNAPSHOT proced... • http://osvdb.org/32907 •
CVSS: 5.4EPSS: 0%CPEs: 8EXPL: 0CVE-2007-0275
https://notcve.org/view.php?id=CVE-2007-0275
17 Jan 2007 — Cross-site scripting (XSS) vulnerability in Oracle Reports Web Cartridge (RWCGI60) in the Workflow Cartridge component, as used in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 10.1.2; and Oracle E-Business Suite and Applications 11.5.10CU2; allows remote authenticated users to inject arbitrary HTML or web script via the genuser parameter to rwcgi60, aka OWF01. Vulnerabilidad de tipo cross-site-scripting (XSS) en Oracle Reports Web... • http://osvdb.org/32906 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •