Design/Logic Flaw

Unspecified vulnerability in the Core RDBMS component for Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.4 on Windows systems has unknown impact and attack vectors, aka DB03. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB03 occurs because RDBMS uses a NULL Discretionary Acce...

Buffer overflow

Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.2 have unknown impact and remote authenticated attack vectors, related to 1 Change Data Capture CDC, aka DB08, and 2 Oracle Instant Client, aka DB11. NOTE: as of 20070424, oracle has not disputed reliable claims that thes...

Sql injection

SQL injection vulnerability in the Upgrade/Downgrade component DBMSUPGRADEINTERNAL for Oracle Database 10.1.0.5 allows remote authenticated users to execute arbitrary SQL commands via unknown vectors, aka DB07. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB07 is actually fo...

CVE-2007-2115

Unspecified vulnerability in the Change Data Capture CDC component in Oracle Database 9.2.0.7, 10.1.0.5, and 10.2.0.2 has unknown impact and attack vectors, aka DB09. NOTE: as of 20070424, oracle has not disputed reliable claims that this issue involves multiple SQL injection vulnerabilities in t...

Buffer overflow

Unspecified vulnerability in the Oracle Text component in Oracle Database 9.0.1.5+ and 9.2.0.5 has unknown impact and attack vectors, aka DB12. NOTE: as of 20070424, Oracle has not disputed reliable claims that this involves a buffer overflow in the ctxsrv server daemon...

CVE-2007-2113

SQL injection vulnerability in the Upgrade/Downgrade component DBMSUPGRADEINTERNAL for Oracle Database 10.1.0.5 allows remote authenticated users to execute arbitrary SQL commands via unknown vectors, aka DB07. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB07 is actually fo...

Code injection

Unspecified vulnerability in Workflow Cartridge, as used in Oracle Database Server 9.2.0.1, 10.1.0.2, and 10.2.0.1; Application Server 9.0.4.3 and 10.1.2.0.2; Collaboration Suite 10.1.2; and E-Business Suite; has unknown impact and remote authenticated attack vectors, aka OWF01...

CVE-2007-2116

Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 has unknown impact and attack vectors, aka DB10. NOTE: as of 20070424, Oracle has not disputed claims that these are buffer overflows in kkzi.o for the SYS.DBMSSNAPINTERNAL package...

Design/Logic Flaw

Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 on Windows allows remote attackers to have an unknown impact, aka DB01. NOTE: as of 20070424, Oracle has not disputed reliable claims that this issue occurs because the NTLM SSPI...

CVE-2007-2110

Unspecified vulnerability in the Core RDBMS component for Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.4 on Windows systems has unknown impact and attack vectors, aka DB03. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB03 occurs because RDBMS uses a NULL Discretionary Acce...

CVE-2007-2114

Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.2 have unknown impact and remote authenticated attack vectors, related to 1 Change Data Capture CDC, aka DB08, and 2 Oracle Instant Client, aka DB11. NOTE: as of 20070424, oracle has not disputed reliable claims that thes...

CVE-2007-2108

CVE-2007-2108 affects Oracle Database Core RDBMS on Windows (versions 9.0.1.5, 9.2.0.8, 10.1.0.5, 10.2.0.2). Remote attackers may gain privileges due to NTLM SSPI AcceptSecurityContext granting privileges based on username while all users appear as Guest. No exploit details provided in the source...

CVE-2007-2112

Unspecified vulnerability in the Authentication component for Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and attack vectors, aka DB05. NOTE: as of 20070424, Oracle has not disputed reliable claims that this issue allows remote authenticated users to bypass the AUTHALTERSESSION...

CVE-2007-2114

CVE-2007-2114 refers to multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.2, specifically affecting Change Data Capture (CDC, DB08) and Oracle Instant Client (DB11). The description notes reliable claims that these issues are buffer overflows involving a long CHANGE_TABL...

CVE-2007-2108

Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 on Windows allows remote attackers to have an unknown impact, aka DB01. NOTE: as of 20070424, Oracle has not disputed reliable claims that this issue occurs because the NTLM SSPI...

CVE-2007-2109

Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and remote authenticated attack vectors related to 1 Rules Manager and Expression Filter components DB02 and 2 Oracle Streams DB06. Note: as of 20070424, Oracle has not disputed reliable claims that DB02 is for a...

CVE-2007-2113

SQL injection vulnerability in the Upgrade/Downgrade component DBMSUPGRADEINTERNAL for Oracle Database 10.1.0.5 allows remote authenticated users to execute arbitrary SQL commands via unknown vectors, aka DB07. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB07 is actually fo...

CVE-2007-2116

Summary of CVE-2007-2116 (Oracle DB): A buffer overflow in the Oracle Database Advanced Replication component, specifically in package SYS.DBMS_SNAP_INTERNAL, affects Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5. The vulnerability may allow remote command execution via the SNAP_OWNER or SNAP_N...

CVE-2007-2109

CVE-2007-2109 affects Oracle Database 10.2.0.3 with reported issues in two components: (1) Rules Manager and Expression Filter (DB02) due to a race condition in the RLMGR_TRUNCATE_MAINT trigger that can change AUTHID from DEFINER to CURRENT_USER after TRUNCATE, and (2) Oracle Streams (DB06) due t...

CVE-2007-2111

SQL injection vulnerability in the SYS.DBMSAQADMSYS package in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 allows remote authenticated users to inject arbitrary SQL commands via unknown vectors, aka DB04. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB04 is actually for...