CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2007-0285
https://notcve.org/view.php?id=CVE-2007-0285
Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 9.0.4.2 and 10.1.2; and E-Business Suite and Applications 11.5.10CU2 has unknown impact and attack vectors related to Oracle Reports Developer, aka REP01. Vulnerabilidad no especificada en Oracle Application Server 9.0.4.3, 10.1.2.0.2, y 10.1.2.2; Collaboration Suite 9.0.4.2 y 10.1.2; y E-Business Suite and Applications 11.5.10CU2 tienen impacto y vectores de ataque desconocidos relacionados con el Desarrollador de Informes Oracle (Oracle Reports Developer), también conocido como REP01. • http://osvdb.org/32894 http://secunia.com/advisories/23794 http://securitytracker.com/id?1017522 http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html http://www.securityfocus.com/bid/22083 http://www.us-cert.gov/cas/techalerts/TA07-017A.html https://exchange.xforce.ibmcloud.com/vulnerabilities/31541 •
CVSS: 3.5EPSS: 0%CPEs: 8EXPL: 0CVE-2007-0275 – Oracle HTTP Server Header Cross Site Scripting
https://notcve.org/view.php?id=CVE-2007-0275
Cross-site scripting (XSS) vulnerability in Oracle Reports Web Cartridge (RWCGI60) in the Workflow Cartridge component, as used in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 10.1.2; and Oracle E-Business Suite and Applications 11.5.10CU2; allows remote authenticated users to inject arbitrary HTML or web script via the genuser parameter to rwcgi60, aka OWF01. Vulnerabilidad de tipo cross-site-scripting (XSS) en Oracle Reports Web Cartridge (RWCGI60) en el componente Workflow Cartridge, tal como es usado en Oracle Database versiones 9.2.0.8, 10.1.0.5 y 10.2.0.3; Application Server versiones 9.0.4.3, 10.1.2.0.2 y 10.1.2.2; Collaboration Suite versión 10.1.2; y Oracle E-Business Suite and Applications versión 11.5.10CU2; permite a los usuarios autenticados remotos inyectar script web o HTML arbitrario por medio del parámetro genuser en rwcgi60, también se conoce como OWF01. Oracle HTTP Server for Oracle Application Server 10g version 10.1.2.0.2 suffers from a cross site scripting vulnerability. • http://osvdb.org/32906 http://secunia.com/advisories/23794 http://securitytracker.com/id?1017522 http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html http://www.securityfocus.com/archive/1/457193/100/0/threaded http://www.securityfocus.com/bid/22083 http://www.us-cert.gov/cas/techalerts/TA07-017A.html https://exchange.xforce.ibmcloud.com/vulnerabilities/31541 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 0CVE-2006-5365
https://notcve.org/view.php?id=CVE-2006-5365
Unspecified vulnerability in Oracle Forms in Oracle Application Server 9.0.4.3 and 10.1.2.0.2, and E-Business Suite and Applications 11.5.10CU2, has unknown impact and remote attack vectors, aka Vuln# FORM02. Vulnerabilidad no especificada en Oracle Forms en Oracle Application Server 9.0.4.3 y 10.1.2.0.2, y E-Business Suite y Applications 11.5.10CU2, tiene impacto y vectores de ataque remotos desconocidos, también conocido como Vuln# FORM02. • http://secunia.com/advisories/22396 http://securitytracker.com/id?1017077 http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html http://www.securityfocus.com/archive/1/449711/100/0/threaded http://www.securityfocus.com/bid/20588 http://www.us-cert.gov/cas/techalerts/TA06-291A.html http://www.vupen.com/english/advisories/2006/4065 •
CVSS: 10.0EPSS: 1%CPEs: 5EXPL: 0CVE-2006-5356
https://notcve.org/view.php?id=CVE-2006-5356
Unspecified vulnerability in Oracle Containers for J2EE component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.1.0, and Collaboration Suite 9.0.4.2 and 10.1.2, has unknown impact and remote attack vectors, aka Vuln# OC4J02. Vulnerabilidad no especificada en Oracle Containers para componentes J2EE en Oracle Application Server 9.0.4.3, 10.1.2.0.2, y 10.1.2.1.0, y Collaboration Suite 9.0.4.2 y 10.1.2, tiene impacto y vectores de ataque remotos desconocidos, también conocido como Vuln# OC4J02. • http://secunia.com/advisories/22396 http://securitytracker.com/id?1017077 http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html http://www.securityfocus.com/archive/1/449711/100/0/threaded http://www.securityfocus.com/bid/20588 http://www.us-cert.gov/cas/techalerts/TA06-291A.html http://www.vupen.com/english/advisories/2006/4065 •
CVSS: 10.0EPSS: 6%CPEs: 3EXPL: 0CVE-2006-5359
https://notcve.org/view.php?id=CVE-2006-5359
Multiple unspecified vulnerabilities in Oracle Reports Developer component in Oracle Application Server 9.0.4.3 and 10.1.2.0.2, and Oracle E-Business Suite and Applications 11.5.10CU2, have unknown impact and remote attack vectors, aka Vuln# (1) REP01 and (2) REP02. NOTE: as of 20061027, Oracle has not disputed reports from a reliable researcher that these issues are related to (a) showenv and (b) parsequery for REP01, and (c) cellwrapper and (d) delimiter for REP02. Múltiples vulnerabilidades no especificadas en el componente Oracle Reports Developer en Oracle Application Server 9.0.4.3 y 10.1.2.0.2, y Oracle E-Business Suite y Applications 11.5.10CU2, tienen impacto y vectores de ataque remotos desconocidos, también conocido como Vuln# (1) REP01 y (2) REP02. NOTA: a fecha de 27/10/2006, Oracle no ha negado los informes de un investigador fiable de que estos problemas están relacionacos con (a) showenv y (b) parsequery en el caso de REP01, y (c) cellwrappper y (d) delimiter para REP02. • http://secunia.com/advisories/22396 http://securitytracker.com/id?1017077 http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html http://www.red-database-security.com/advisory/oracle_reports_css.html http://www.securityfocus.com/archive/1/449503/100/0/threaded http://www.securityfocus.com/archive/1/449711/100/0/threaded http://www.securityfocus.com/bid/20588 http://www.us-cert.gov/cas/techale •