3671 matches found

CVE | added 2007/11/08 9:00 p.m. | 93 views

CVE-2007-5897

Buffer overflow in Oracle Database Server (MDSYS.SDO_CS) allows remote authenticated users to crash the server and execute arbitrary code via the TRANSFORM function. Affected: Oracle 8iR3, 9iR1/2 up to 9.2.0.6, and 10gR1 up to 10.1.0.4. Note: this CVE may be related to CVE-2007-5515, CVE-2007-550...

8.5 CVSS | 7.3 AI score | 0.03703 EPSS
Exploits 0 | References 4 | Affected Software 1
securityvulns | added 2007/11/08 12:00 a.m. | 145 views

iDefense Security Advisory 11.07.07: Oracle 10g R2 PITRIG_DROPMETADATA Buffer Overflow Vulnerability

iDefense Security Advisory 11.07.07 http://labs.idefense.com/intelligence/vulnerabilities/ Nov 07, 2007 I. BACKGROUND Oracle Database Server is a family of database products that range from personal databases to enterprise solutions. Further information is available at the following URL...

6 CVSS | 7.2 AI score | 0.05385 EPSS
Exploits 8
securityvulns | added 2007/11/08 12:00 a.m. | 32 views

Oracle database server buffer overflow

Buffer overflow in XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA procedure...

6 CVSS | 3.7 AI score | 0.05385 EPSS
Exploits 8 | References 1
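seebug.org | added 2007/10/31 12:00 a.m. | 30 views

Oracle Database Server MDSYS.SDO_CS Buffer Overflow Vulnerability

Oracle Database Server is a powerful commercial database server. Oracle Database Server has a buffer overflow in its handling of the MDSYS.SDO_CS.TRANSFORM function, which a remote attacker can exploit to execute arbitrary instructions with the privileges of the application process. The MDSYS.SDO_CS package provided by Oracle Database Server contains subprograms for working with coordinate systems. The TRANSFORM procedure of this package has a buffer overflow, and any Oracle database user with execute privileges on MDSYS.SDO_CS can exploit this vulnerability. Oracle Oracle9i Standard Edition 9.2 .6 Oracle Oracle9i...

6.9 AI score
Exploits 0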
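seebug.org | added 2007/10/31 12:00 a.m. | 16 views

Oracle Database Server DBMS_AQADM_SYS.DBLINK_INFO Buffer Overflow Vulnerability

Oracle Database Server is a powerful commercial database server. Oracle Database Server has a buffer overflow in its handling of the DBMS_AQADM_SYS.DBLINK_INFO function, which a remote attacker can exploit to execute arbitrary instructions with the privileges of the application process. The SYS.DBMS_AQADM_SYS package provided by Oracle Database Server is used internally by the SYS.DBMS_AQADM package and provides procedures for managing Oracle Streams Advanced Queuing configuration and administration information. The DBLINK_INFO procedure of this package has a buffer overflow, and any Oracle database user with execute privileges on SYS.DBMS_AQADM_SYS can exploit this vulnerability. Oracle...

6.9 AI score
Exploits 0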
seebug.org | added 2007/10/28 12:00 a.m. | 27 views

Oracle 10g/11g SYS.LT.FINDRICSET Local SQL Injection Exploit

No description provided by source. !/usr/bin/perl http://rawlab.mindcreations.com/codes/exp/oracle/sys-lt-findricset.pl Oracle SYS.LT.FINDRICSET exploit 11g/10g Grant or revoke dba permission to unprivileged user Tested on "Oracle Database 10g Enterprise Edition Release 10.1.0.5.0" Fixed with CPU...

7.1 AI score
Exploits 0
0day.today | added 2007/10/27 12:00 a.m. | 30 views

Oracle 10g/11g SYS.LT.FINDRICSET Local SQL Injection Exploit

Exploit for multiple platform in category local exploits Oracle 10g/11g SYS.LT.FINDRICSET Local SQL Injection Exploit !/usr/bin/perl...

6.9 AI score
Exploits 0
Exploit DB | added 2007/10/27 12:00 a.m. | 35 views

Oracle 10g/11g - 'SYS.LT.FINDRICSET' SQL Injection (1)

!/usr/bin/perl http://rawlab.mindcreations.com/codes/exp/oracle/sys-lt-findricset.pl Oracle SYS.LT.FINDRICSET exploit 11g/10g Grant or revoke dba permission to unprivileged user Tested on "Oracle Database 10g Enterprise Edition Release 10.1.0.5.0" Fixed with CPU Oct. 2007 REF: Thanks to Joxean...

7.4 AI score
Exploits 0
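seebug.org | added 2007/10/20 12:00 a.m. | 28 views

Oracle Workspace Manager LT Package SQL Injection Vulnerability

BUGTRAQ ID: 26098 Oracle Database is a large commercial database system. The Workspace Manager bundled with Oracle includes a package named LT, whose implementation contains a SQL injection vulnerability that a remote attacker may exploit to gain unauthorized access. The LT package is owned by the SYS user and is executable by PUBLIC. The FINDRICSET procedure in LT calls FINDRICSET in the LTRIC package, and this call contains a SQL injection vulnerability that allows a remote attacker to gain SYS privileges by submitting malicious SQL query requests. Oracle Oracle9i Oracle Oracle10g Release 2 Oracle...

6.8 AI score
Exploits 0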
Prion | added 2007/10/17 11:17 p.m. | 22 views

Design/Logic Flaw

Unspecified vulnerability in Oracle Help for Web, as used in Oracle Application Server, Oracle Database 10.2.0.3, and Enterprise Manager 10.1.0.6, has unknown impact and remote attack vectors, aka EM02...

10 CVSS | 6.5 AI score | 0.0363 EPSS
Exploits 0 | References 8 | Affected Software 2
NVD | added 2007/10/17 11:17 p.m. | 21 views

CVE-2007-5509

Unspecified vulnerability in the Spatial component in Oracle Database 9.2.0.8 and 9.2.0.8DV has unknown impact and remote attack vectors, aka DB06...

6.5 CVSS | 6.1 AI score | 0.02049 EPSS
Exploits 0 | References 8
Prion | added 2007/10/17 11:17 p.m. | 19 views

Design/Logic Flaw

Multiple unspecified vulnerabilities in the Workspace Manager component in Oracle Database before OWM 10.2.0.4.1, OWM 10.1.0.8.0, and OWM 9.2.0.8.0 have unknown impact and remote attack vectors, aka (1) DB08, (2) DB09, (3) DB10, (4) DB11, (5) DB12, (6) DB13, (7) DB14, (8) DB15, (9) DB16, (10) DB17, and (11) DB18. NOTE...

6.5 CVSS | 6.7 AI score | 0.31758 EPSS
Exploits 2 | References 8
Prion | added 2007/10/17 11:17 p.m. | 14 views

Design/Logic Flaw

The Core RDBMS component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote attackers to cause a denial of service (CPU consumption) via a crafted type 6 Data packet, aka DB20...

7.8 CVSS | 6.3 AI score | 0.03061 EPSS
Exploits 0 | References 11 | Affected Software 1
Prion | added 2007/10/17 11:17 p.m. | 17 views

Design/Logic Flaw

Unspecified vulnerability in the Database Control component in Oracle Database 10.1.0.5 and 10.2.0.3, and Enterprise Manager, has unknown impact and remote attack vectors, aka EM01...

10 CVSS | 6.5 AI score | 0.02238 EPSS
Exploits 0 | References 8 | Affected Software 1
Prion | added 2007/10/17 11:17 p.m. | 22 views

Buffer overflow

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+ and 10.1.0.5 have unknown impact and remote attack vectors, related to (1) Import (DB01) and (2) Advanced Queuing (DB25). NOTE: as of 20071108, Oracle has not disputed reliable researcher claims that DB25 is for a buffer overflow in the DBLINKIN...

6.5 CVSS | 7.4 AI score | 0.0349 EPSS
Exploits 0 | References 11 | Affected Software 1
NVD | added 2007/10/17 11:17 p.m. | 16 views

CVE-2007-5515

Unspecified vulnerability in the Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.2, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB27...

6.5 CVSS | 6.1 AI score | 0.02049 EPSS
Exploits 0 | References 8
NVD | added 2007/10/17 11:17 p.m. | 17 views

CVE-2007-5508

Multiple SQL injection vulnerabilities in the CTXSYS Intermedia application for the Oracle Text component (CTX_DOC) in Oracle Database 10.1.0.5 and 10.2.0.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) THEMES, (2) GIST, (3) TOKENS, (4) FILTER, (5) HIGHLIGHT, and (6) MARKUP...

6.5 CVSS | 7.7 AI score | 0.05158 EPSS
Exploits 0 | References 12
NVD | added 2007/10/17 11:17 p.m. | 16 views

CVE-2007-5513

The XML DB (XMLDB) component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 generates incorrect audit entries in the USERID column in which (1) long usernames are trimmed to 5 characters, or (2) short entries contain any extra characters from usernames in previous entries, aka DB23...

5 CVSS | 6.2 AI score | 0.02895 EPSS
Exploits 0 | References 12
Prion | added 2007/10/17 11:17 p.m. | 19 views

SQL injection

SQL injection vulnerability in Workspace Manager for Oracle Database before OWM 10.2.0.4.1, OWM 10.1.0.8.0, and OWM 9.2.0.8.0 allows attackers to execute arbitrary SQL commands via the FINDRICSET procedure in the LT package. NOTE: this is probably covered by CVE-2007-5510, but there are...

6.5 CVSS | 8.2 AI score | 0.31758 EPSS
Exploits 2 | References 13
Prion | added 2007/10/17 11:17 p.m. | 17 views

Design/Logic Flaw

The XML DB (XMLDB) component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 generates incorrect audit entries in the USERID column in which (1) long usernames are trimmed to 5 characters, or (2) short entries contain any extra characters from usernames in previous entries, aka DB23...

5 CVSS | 6.3 AI score | 0.02895 EPSS
Exploits 0 | References 12 | Affected Software 1