CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 0CVE-2007-2113
https://notcve.org/view.php?id=CVE-2007-2113
SQL injection vulnerability in the Upgrade/Downgrade component (DBMS_UPGRADE_INTERNAL) for Oracle Database 10.1.0.5 allows remote authenticated users to execute arbitrary SQL commands via unknown vectors, aka DB07. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB07 is actually for multiple issues. Una vulnerabilidad de inyección SQL en el componente de Upgrade/Downgrade (DBMS_UPGRADE_INTERNAL) para la Oracle Database versión 10.1.0.5 permite a los usuarios identificados de forma remota ejecutar comandos SQL arbitrarios por medio de vectores desconocidos, también se conoce como DB07. NOTA: a partir de 24-04-2007, Oracle no ha cuestionado afirmaciones de confianza de que DB07 es en realidad para múltiples problemas. • http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf http://www.ngssoftware.com/research/papers/NGSSoftware-OracleCPUAPR2007.pdf http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_upgrade_internal.html http://www.securityfocus.com/archive/1/466153/100/0/threaded http://www.securityfocus.com/archive/1& • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 37%CPEs: 2EXPL: 0CVE-2007-2114
https://notcve.org/view.php?id=CVE-2007-2114
Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.2 have unknown impact and remote authenticated attack vectors, related to (1) Change Data Capture (CDC), aka DB08, and (2) Oracle Instant Client, aka DB11. NOTE: as of 20070424, oracle has not disputed reliable claims that these issues are buffer overflows using a long CHANGE_TABLE_NAME parameter to the DBMS_CDC_IPUBLISH.CHGTAB_CACHE procedure (DB08) and Oracle Instant Client genezi utility (DB11). Varias vulnerabilidades no especificadas en Oracle Database versiones 10.1.0.5 y 10.2.0.2 tienen un impacto desconocido y vectores de ataque autenticados remotos, relacionados con (1) Change Data Capture (CDC), también se conoce como DB08, y (2) Oracle Instant Client, también se conoce como DB11. NOTA: a partir de 24-04-2007, oracle no ha cuestionado las afirmaciones confiables de que estos problemas son desbordamientos de búfer utilizando un largo parámetro CHANGE_TABLE_NAME para el procedimiento DBMS_CDC_IPUBLISH.CHGTAB_CACHE (DB08) y el programa genezi de Oracle Client (DB11) • http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf http://www.ngssoftware.com/research/papers/NGSSoftware-OracleCPUAPR2007.pdf http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html http://www.securityfocus.com/archive/1/466329/100/200/threaded http://www.securityfocus.com/bid/23532 http://www.securitytracker.com/id?1017927 http://www.us-cert.gov/cas/techalerts/ •
CVSS: 6.8EPSS: 2%CPEs: 3EXPL: 0CVE-2007-2115
https://notcve.org/view.php?id=CVE-2007-2115
Unspecified vulnerability in the Change Data Capture (CDC) component in Oracle Database 9.2.0.7, 10.1.0.5, and 10.2.0.2 has unknown impact and attack vectors, aka DB09. NOTE: as of 20070424, oracle has not disputed reliable claims that this issue involves multiple SQL injection vulnerabilities in the DBMS_CDC_PUBLISH with remote authenticated vectors involving the "java classes in CDC.jar." Una vulnerabilidad no especificada en el componente de Change Data Capture (CDC) en Oracle Database versiones 9.2.0.7, 10.1.0.5 y 10.2.0.2 tiene un impacto desconocido y vectores de ataque, también se conoce como DB09. NOTA: a partir de 24-04-2007, Oracle no ha cuestionado las afirmaciones confiables de que este problema implica múltiples vulnerabilidades de inyección SQL en el DBMS_CDC_PUBLISH con vectores autenticados remotos que involucran las "java classes in CDC.jar." • http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf http://www.ngssoftware.com/research/papers/NGSSoftware-OracleCPUAPR2007.pdf http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html http://www.securityfocus.com/archive/1/466329/100/200/threaded http://www.securityfocus.com/bid/23532 http://www.securityt •
CVSS: 9.0EPSS: 71%CPEs: 3EXPL: 0CVE-2007-2116
https://notcve.org/view.php?id=CVE-2007-2116
Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 has unknown impact and attack vectors, aka DB10. NOTE: as of 20070424, Oracle has not disputed claims that these are buffer overflows in kkzi.o for the SYS.DBMS_SNAP_INTERNAL package using the (1) SNAP_OWNER or (2) SNAP_NAME parameters. Vulnerabilidad no especificada en el componente Advanced Replication en Oracle Database 9.0.1.5+, 9.2.0.7 y 10.1.0.5 tiene impacto y vectores de ataque no especificados, también conocida como DB10. NOTA: a partir de 20070424, Oracle no ha disputado alegaciones sobre que estos son desbordamientos de buffer en kkzi.o para el paquete SYS.DBMS_SNAP_INTERNAL utilizando los parámetros (1) SNAP_OWNER or (2) SNAP_NAME. • http://www.appsecinc.com/resources/alerts/oracle/2007-07.shtml http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf http://www.ngssoftware.com/research/papers/NGSSoftware-OracleCPUAPR2007.pdf http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html http://www.securityfocus.com/archive/1/466173/100/0/threaded http://www.securityfocus.com/archive/1/466329/100/200/threaded&# •
CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 0CVE-2007-2117
https://notcve.org/view.php?id=CVE-2007-2117
Unspecified vulnerability in the Oracle Text component in Oracle Database 9.0.1.5+ and 9.2.0.5 has unknown impact and attack vectors, aka DB12. NOTE: as of 20070424, Oracle has not disputed reliable claims that this involves a buffer overflow in the ctxsrv server daemon. Vulnerabilidad no especificada en el componente Oracle Text en Oracle Database 9.0.1.5+ y 9.2.0.5 tiene impacto y vectores de ataque no especificados, también conocida como DB12. NOTA: a partir de 20070424, Oracle no ha disputado alegaciones confiables sobre que esto implica un desbordamiento de buffer en el demonio del servidor ctxsrv. • http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf http://www.ngssoftware.com/research/papers/NGSSoftware-OracleCPUAPR2007.pdf http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html http://www.securityfocus.com/archive/1/466329/100/200/threaded http://www.securityfocus.com/bid/23532 http://www.securitytracker.com/id?1017927 http://www.us-cert.gov/cas/techalerts/ •