4 matches found
EUVD-2006-7140
Malware in sbrugna...
CVE-2006-7138
CVE-2006-7138 affects Oracle Application Express/HTMLDB (APEX) prior to 2.2. The issue is an SQL injection in WWV_FLOW_UTILITIES.gen_popup_list inside the WWV_FLOW_UTILITIES package, enabling remote authenticated users to alter P_LOV and calculate a matching MD5 checksum for P_LOV_CHECKSUM to exe...
CVE-2006-7158
Oracle Application Express (APEX/HTMLDB) prior to version 2.2.1 is affected by a cross-site scripting (XSS) vulnerability in the NOTIFICATION_MSG parameter in the APEX UI. The issue allows remote attackers to inject arbitrary web script or HTML. The root cause is insufficient input handling for t...
CVE-2006-5351
Oracle Application Express (APEX/HTMLDB) prior to 2.2.1 contains multiple documented issues (APEX01–APEX35) including SQL injection in WWV_FLOW_UTILITIES.gen_popup_list and XSS via NOTIFICATION_MSG and WWV_FLOW_ITEM_HELP. CVEs CVE-2006-7138, CVE-2006-7158, and CVE-2006-5599 describe these vectors...