CVE-2009-1985

Unspecified vulnerability in the Network Authentication component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...

CVE-2009-2001

CVE-2009-2001 details (Oracle DB): Unspecified vulnerability in the PL/SQL component of Oracle Database 10.2.0.4 and 11.1.0.7. Exploitation requires remote access with authentication and can affect confidentiality, integrity, and availability . The Oracle October 2009 CPU documents this as a PL/S...

CVE-2009-1994

Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 allows remote authenticated users to affect confidentiality, integrity, and availability, related to MDSYS.PRVTCMTCBK...

CVE-2009-1992

Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...

CVE-2009-1007

CVE-2009-1007 affects Oracle Database (Data Mining component) in 10.2.0.4. The vulnerability allows an authenticated remote user to execute commands on SYS.DMP_SYS, impacting confidentiality, integrity, and availability (partial/Partial+). The CVSS base score in NVD is 6.5 (MEDIUM) with network a...

CVE-2009-1993

CVE-2009-1993 affects Oracle Application Express (Apex) within Oracle Database 3.0.1. The vulnerability allows remote authenticated users to affect confidentiality and integrity through FLOWS_030000.WWV_EXECUTE_IMMEDIATE. The October 2009 CPU includes a fix for this, as part of the Oracle Databas...

CVE-2009-1992

CVE-2009-1992 affects Oracle Database Core RDBMS components (versions 9.2.0.8, 10.1.0.5, 10.2.0.4). The vulnerability allows remote attackers to impact confidentiality, integrity, and availability via unknown vectors. The issue is listed in the Oracle October 2009 CPU with a Base Score of 10.0 (C...

CVE-2009-1994

CVE-2009-1994 is an Oracle Database 10.1.0.5 vulnerability in the Spatial component (MDSYS.PRVT_CMT_CBK). The issue is listed under the October 2009 CPU with CVSS v2 base score 6.5 (MEDIUM). It can be triggered by an authenticated remote user via Oracle Net to execute code on MDSYS.PRVT_CMT_CBK, ...

CVE-2009-1964

Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors...

CVE-2009-1979

CVE-2009-1979 concerns a buffer overflow in Oracle Database Server Network Authentication (AUTH_SESSKEY) on Oracle 10.1.0.5 and 10.2.0.4. The vulnerability arises from insufficient validation of the AUTH_SESSKEY length, allowing a remote attacker to send crafted packets that may lead to arbitrary...

CVE-2009-1972

Unspecified vulnerability in the Auditing component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect integrity, related to DBMSSYSSQL and DBMSSQL...

CVE-2009-1997

Unspecified vulnerability in the Authentication component in Oracle Database 10.2.0.3 and 11.1.0.7 allows remote attackers to affect confidentiality via unknown vectors...

CVE-2009-1979

Unspecified vulnerability in the Network Authentication component in Oracle Database 10.1.0.5 and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2009 CPU. Oracle has not...

CVE-2009-1964

CVE-2009-1964 affects Oracle Database 10.2.0.4 Workspace Manager. Description: an unspecified vulnerability that allows remote authenticated users to impact confidentiality and integrity via unknown vectors. CVSS (NVD) indicates network access with low complexity and partial confidentiality/integ...

CVE-2009-2000

Unspecified vulnerability in the Authentication component in Oracle Database 11.1.0.7 allows remote attackers to affect confidentiality via unknown vectors...

Oracle Database CVE-2009-1018 Workspace Manager漏洞

Bugraq ID: 36765 CVE ID：CVE-2009-1018 Oracle Database是一款商业性质的大型数据库。 Oracle数据库Workspace Manager存在远程漏洞，此漏洞可通过'Oracle Net'协议利用，要成功利用此漏洞，攻击者必须拥有SYS.LTRIC WMSYS.LTRIC'特权。 目前没有详细漏洞细节提供。 Oracle Oracle10g Standard Edition 10.2.0.4 Oracle Oracle10g Personal Edition 10.2.0.4 Oracle Oracle10g Enterprise...

McKesson HCI Hardcoded Passwords

McKesson Horizon Clinical Infrastructure, also known as McKesson HCI, utilizes hardcoded passwords for Oracle database access. HCI serves as the patient record datastore for the majority of McKesson applications. There are two components to an HCI implementation: the Infrastructure or Master serv...

Oracle Database Enumeration

This module provides a simple way to scan an Oracle database server for configuration parameters that may be useful during a penetration test. Valid database credentials must be provided for this module to run. This module requires Metasploit: https://metasploit.com/download Current source:...

Oracle Database Server REPCAT_RPC.VALIDATE_REMOTE_RC SQL Injection (CVE-2009-1021)

Oracle Database Server is an enterprise-level relational database application suite. An SQL injection vulnerability has been reported in Oracle Database server. Remote authenticated attackers having Create Session privileges can exploit this vulnerability to inject and execute malicious SQL...

Oracle Secure Backup property_box.php type parameter command execution

Added: 09/01/2009 CVE: CVE-2009-1978 BID: 35678 OSVDB: 55904 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A command execution vulnerability in the Oracle Secure Backup web interface allows remote attackers to execute arbitrary...