CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-3467 – Oracle Patches 27 Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-3467
Unspecified vulnerability in the Application Express component in Oracle Database Server before 5.0.4 allows remote attackers to affect availability via unknown vectors. Vulnerabilidad no especificada en el componente Application Express en Oracle Database Server en versiones anteriores a 5.0.4 permite a atacantes remotos afectar la disponiblidad a través de vectores desconocidos. A total of 27 vulnerabilities have been patched by Oracle. These affect eBusiness Suite R12.x and 11.5, Apex, Primavera, OBIEE, and Agile DB components. These issues include SQL injection, cross site scripting, XXE injection, SSRF, failed access controls, and more. • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.securityfocus.com/bid/91787 http://www.securityfocus.com/bid/91894 http://www.securitytracker.com/id/1036363 •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2008-1822
https://notcve.org/view.php?id=CVE-2008-1822
Unspecified vulnerability in the Oracle Application Express component in Oracle Application Express 3.0.1 has unknown impact and remote attack vectors, aka APEX02. Vulnerabilidad no especificada en el componente Oracle Application Express en Oracle Application Express 3.0.1 tiene impacto y vectores de ataque remotos, también conocido como APEX02. • http://secunia.com/advisories/29829 http://secunia.com/advisories/29874 http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html http://www.securityfocus.com/archive/1/491024/100/0/threaded http://www.securitytracker.com/id?1019855 http://www.vupen.com/english/advisories/2008/1233/references http://www.vupen.com/english/advisories/2008/1267/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41858 https://exchange.xforce.ibmcloud.com/vulnerabilities/42041 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2008-1811
https://notcve.org/view.php?id=CVE-2008-1811
Unspecified vulnerability in Oracle Application Express 3.0.1 has unspecified impact and remote authenticated attack vectors related to flows_030000.wwv_execute_immediate, aka APEX01. NOTE: the previous information was obtained from the April 2008 CPU. Oracle has not commented on reliable researcher claims that APEX01 is for insufficient authorization checks for SQL commands in the run_ddl function in flows_030000.wwv_execute_immediate, allowing privilege escalation by certain non-DBA remote authenticated users. Una vulnerabilidad no especificada en Oracle Application Express versión 3.0.1, presenta un impacto no especificado y vectores de ataque autenticados remotos relacionados con flows_030000.wwv_execute_immediate, también se conoce como APEX01. NOTA: la información anterior fue obtenida de la CPU de abril de 2008. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=690 http://secunia.com/advisories/29829 http://secunia.com/advisories/29874 http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html http://www.securityfocus.com/archive/1/491024/100/0/threaded http://www.securitytracker.com/id?1019855 http://www.vupen.com/english/advisories/2008/1233/references http://www.vupen.com/english/advisories/2008/1267/references https://exchange.xforce.ibmcloud.com/vulnerabilities/4185 •