8 matches found
JVN#50837839 Oracle Application Server vulnerable to cross-site scripting
Oracle Application Server from Oracle is an application server. Oracle Application Server contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information...
Oracle XDB component PITRIG_DROPMETADATA buffer overflow
Added: 11/23/2007 CVE: CVE-2007-4517 BID: 26374 OSVDB: 39918 Background The PITRIGDROPMETADATA function is included in the XDB.XDBPITRIGPKG package which is included with Oracle Database. Problem A buffer overflow vulnerability in the PITRIGDROPMETADATA function allows remote, authenticated...
Oracle XDB component PITRIG_DROPMETADATA buffer overflow
Added: 11/23/2007 CVE: CVE-2007-4517 BID: 26374 OSVDB: 39918 Background The PITRIGDROPMETADATA function is included in the XDB.XDBPITRIGPKG package which is included with Oracle Database. Problem A buffer overflow vulnerability in the PITRIGDROPMETADATA function allows remote, authenticated...
Oracle XDB component PITRIG_DROPMETADATA buffer overflow
Added: 11/23/2007 CVE: CVE-2007-4517 BID: 26374 OSVDB: 39918 Background The PITRIGDROPMETADATA function is included in the XDB.XDBPITRIGPKG package which is included with Oracle Database. Problem A buffer overflow vulnerability in the PITRIGDROPMETADATA function allows remote, authenticated...
CVE-2007-3856
Unspecified vulnerability in the Oracle Data Mining component for Oracle Database 10g Release 2 10.2.0.2 and 10.2.0.3, 10g 10.1.0.5, and Oracle9i Database Release 2 9.2.0.7, 9.2.0.8, and 9.2.0.8DV has unknown impact and remote authenticated attack vectors related to DMSYS.DMPSYS, aka DB04...
CVE-2006-2505
The CVE-2006-2505 entry affects Oracle Database Server 10g Release 2. the issue arises in the DBMS_EXPORT_EXTENSION package, specifically the functions GET_DOMAIN_INDEX_TABLES and GET_V2_DOMAIN_INDEX_TABLES, where a reference to a malicious package in the TYPE_NAME argument can let local users ru...
CVE-2006-2081
Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via the GETDOMAININDEXMETADATA function in the DBMSEXPORTEXTENSION package. NOTE: this issue was originally linked to DB05 CVE-2006-1870, but a reliable third party has claimed that it is not the same issue...
CVE-2006-2081
CVE-2006-2081 affects Oracle Database Server 10g Release 2, where local users can trigger arbitrary SQL via the GET_DOMAIN_INDEX_METADATA function in DBMS_EXPORT_EXTENSION. The primary issue is insecure privileges that allow SQL to be introduced outside of a character-based injection, not a tradi...