Lucene search
K

8 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2010/01/14 12:0 a.m.17 views

JVN#50837839 Oracle Application Server vulnerable to cross-site scripting

Oracle Application Server from Oracle is an application server. Oracle Application Server contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information...

6.3AI score
Exploits0
Saint
Saint
added 2007/11/23 12:0 a.m.46 views

Oracle XDB component PITRIG_DROPMETADATA buffer overflow

Added: 11/23/2007 CVE: CVE-2007-4517 BID: 26374 OSVDB: 39918 Background The PITRIGDROPMETADATA function is included in the XDB.XDBPITRIGPKG package which is included with Oracle Database. Problem A buffer overflow vulnerability in the PITRIGDROPMETADATA function allows remote, authenticated...

6CVSS7.4AI score0.05385EPSS
Exploits8
Saint
Saint
added 2007/11/23 12:0 a.m.41 views

Oracle XDB component PITRIG_DROPMETADATA buffer overflow

Added: 11/23/2007 CVE: CVE-2007-4517 BID: 26374 OSVDB: 39918 Background The PITRIGDROPMETADATA function is included in the XDB.XDBPITRIGPKG package which is included with Oracle Database. Problem A buffer overflow vulnerability in the PITRIGDROPMETADATA function allows remote, authenticated...

6CVSS7.5AI score0.05385EPSS
Exploits8
Saint
Saint
added 2007/11/23 12:0 a.m.34 views

Oracle XDB component PITRIG_DROPMETADATA buffer overflow

Added: 11/23/2007 CVE: CVE-2007-4517 BID: 26374 OSVDB: 39918 Background The PITRIGDROPMETADATA function is included in the XDB.XDBPITRIGPKG package which is included with Oracle Database. Problem A buffer overflow vulnerability in the PITRIGDROPMETADATA function allows remote, authenticated...

6CVSS7.4AI score0.05385EPSS
Exploits8
NVD
NVD
added 2007/07/18 7:30 p.m.32 views

CVE-2007-3856

Unspecified vulnerability in the Oracle Data Mining component for Oracle Database 10g Release 2 10.2.0.2 and 10.2.0.3, 10g 10.1.0.5, and Oracle9i Database Release 2 9.2.0.7, 9.2.0.8, and 9.2.0.8DV has unknown impact and remote authenticated attack vectors related to DMSYS.DMPSYS, aka DB04...

6.5CVSS5.8AI score0.03172EPSS
Exploits0References11
CVE
CVE
added 2006/05/22 7:0 p.m.57 views

CVE-2006-2505

The CVE-2006-2505 entry affects Oracle Database Server 10g Release 2. the issue arises in the DBMS_EXPORT_EXTENSION package, specifically the functions GET_DOMAIN_INDEX_TABLES and GET_V2_DOMAIN_INDEX_TABLES, where a reference to a malicious package in the TYPE_NAME argument can let local users ru...

3.6CVSS7AI score0.02086EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2006/04/27 11:0 p.m.36 views

CVE-2006-2081

Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via the GETDOMAININDEXMETADATA function in the DBMSEXPORTEXTENSION package. NOTE: this issue was originally linked to DB05 CVE-2006-1870, but a reliable third party has claimed that it is not the same issue...

6.7AI score0.21556EPSS
Exploits3References12
CVE
CVE
added 2006/04/27 11:0 p.m.77 views

CVE-2006-2081

CVE-2006-2081 affects Oracle Database Server 10g Release 2, where local users can trigger arbitrary SQL via the GET_DOMAIN_INDEX_METADATA function in DBMS_EXPORT_EXTENSION. The primary issue is insecure privileges that allow SQL to be introduced outside of a character-based injection, not a tradi...

4.6CVSS6.8AI score0.21556EPSS
Exploits3References12Affected Software1
Rows per page
Query Builder