334 matches found
Oracle Database Multiple Vulnerabilities (July 2010 CPU)
The remote Oracle database server is missing the July 2010 Critical Patch Update CPU and therefore is potentially affected by security issues in the following components : - Listener - Net Foundation Layer - Oracle OLAP - Application Express - Network Layer - Export %NASLMINLEVEL 70300 C Tenable...
CVE-2010-0892
CVE-2010-0892 affects Oracle Application Express (Apex) within Oracle Database Server 3.2.0.00.27. The vulnerability is described as unspecified, allowing remote attackers to affect integrity via unknown vectors. Oracle’s July 2010 CPU documents this CVE under Oracle Database Server, with the Ape...
CVE-2010-0076
Unspecified vulnerability in the Application Express Application Builder component in Oracle Database 3.2.1.00.10 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors...
CVE-2010-0076
CVE-2010-0076 affects Oracle Database 3.2.1.00.10 (Application Express Application Builder). An unspecified vulnerability allows remote, authenticated attackers to impact confidentiality, integrity, and availability via unpublished vectors. CVSS 2.0 base score 6.0 (Network, Medium complexity, sin...
CVE-2009-1993
Unspecified vulnerability in the Application Express component in Oracle Database 3.0.1 allows remote authenticated users to affect confidentiality and integrity, related to FLOWS030000.WWVEXECUTEIMMEDIATE...
CVE-2009-1993
Unspecified vulnerability in the Application Express component in Oracle Database 3.0.1 allows remote authenticated users to affect confidentiality and integrity, related to FLOWS030000.WWVEXECUTEIMMEDIATE...
CVE-2009-1993
CVE-2009-1993 affects Oracle Application Express (Apex) within Oracle Database 3.0.1. The vulnerability allows remote authenticated users to affect confidentiality and integrity through FLOWS_030000.WWV_EXECUTE_IMMEDIATE. The October 2009 CPU includes a fix for this, as part of the Oracle Databas...
Oracle存在多个安全漏洞
CNCAN ID:CNCAN-2009041604 多个Oracle产品存在漏洞,可导致SQL注入,泄漏敏感信息或使攻击者破坏系统: -Oracle Process Manager和Notification opmn守护程序存在格式串错误,提交特殊构建的POST请求给port 6000/TCP可导致任意代码执行。 -传递给"DBMSAQIN"的输入在使用前缺少过滤,可导致注入任意SQL代码。 -Oracle数据库包含的Application Express组件存在错误,非特权用户可以获得"LOWS030000.WWVFLOWUSER"中的APEX密码HASH。 目前还存在多个未知漏洞。...
Design/Logic Flaw
Unspecified vulnerability in the Application Express component in Oracle Database 11.1.0.7 allows remote authenticated users to affect confidentiality, related to APEX. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that...
Design/Logic Flaw
Unspecified vulnerability in the Oracle Application Express component in Oracle Database 11.1.0.6 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors...
CVE-2008-4005
CVE-2008-4005 affects Oracle Database 11.1.0.6 via the Oracle Application Express component. The Nessus/OSS content confirms an unspecified vulnerability allowing remote authenticated users to affect confidentiality, integrity, and availability through unknown vectors. A patch is noted: Oracle Ap...
CVE-2008-4005
Unspecified vulnerability in the Oracle Application Express component in Oracle Database 11.1.0.6 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors...
Design/Logic Flaw
Unspecified vulnerability in the Oracle Application Express component in Oracle Application Express 3.0.1 has unknown impact and remote attack vectors, aka APEX02...
Authorization
Unspecified vulnerability in Oracle Application Express 3.0.1 has unspecified impact and remote authenticated attack vectors related to flows030000.wwvexecuteimmediate, aka APEX01. NOTE: the previous information was obtained from the April 2008 CPU. Oracle has not commented on reliable researcher...
CVE-2008-1811
Unspecified vulnerability in Oracle Application Express 3.0.1 has unspecified impact and remote authenticated attack vectors related to flows030000.wwvexecuteimmediate, aka APEX01. NOTE: the previous information was obtained from the April 2008 CPU. Oracle has not commented on reliable researcher...
CVE-2008-1811
Unspecified vulnerability in Oracle Application Express 3.0.1 has unspecified impact and remote authenticated attack vectors related to flows030000.wwvexecuteimmediate, aka APEX01. NOTE: the previous information was obtained from the April 2008 CPU. Oracle has not commented on reliable researcher...
CVE-2008-1822
CVE-2008-1822 describes an unspecified vulnerability in the Oracle Application Express component of Oracle Application Express 3.0.1 (aka APEX02). The connected sources indicate the issue has unknown impact and remote attack vectors, with a NVD CVSS v2 base score of 10.0 (HIGH). There are no prov...
CVE-2008-1811
CVE-2008-1811 relates to Oracle Application Express 3.0.1. The vulnerability lies in the flows_030000.wwv_execute_immediate.run_ddl function within the wwv_execute_immediate package, in the flows_030000 schema, enabling privilege escalation by certain remote authenticated users (non-DBA). The iss...
CVE-2008-1822
Unspecified vulnerability in the Oracle Application Express component in Oracle Application Express 3.0.1 has unknown impact and remote attack vectors, aka APEX02...
iDefense Security Advisory 04.15.08: Oracle Application Express Privilege Escalation Vulnerability
iDefense Security Advisory 04.15.08 http://labs.idefense.com/intelligence/vulnerabilities/ Apr 15, 2008 I. BACKGROUND Oracle Application Express Oracle APEX, formerly called HTML DB, is a rapid web application development tool for the Oracle database. For more information about Oracle Application...