2885 matches found
CVE-2011-0785
CVE-2011-0785 affects the Oracle Help component exposed by Oracle Database Server (versions 11.1.0.7, 11.2.0.1, 11.2.0.2, 10.1.0.5, 10.2.0.3–10.2.0.5) and Oracle Fusion Middleware (11.1.1.2.0–11.1.1.4.0). Root cause: unspecified vulnerability in the Oracle Help component allowing remote int...
CVE-2011-0799
Unspecified vulnerability in the Oracle Warehouse Builder component in Oracle Database Server 10.2.0.5 OWB, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Oracle Warehouse Builder User Account...
Oracle Releases Critical Patch Update for April 2011
Oracle has released their Critical Patch Update for April 2011 to address 73 vulnerabilities across multiple products. This update contains the following security fixes: 6 updates for the Oracle Database Server; 9 updates for Oracle Fusion Middleware; 1 update for Oracle Enterprise Manager Grid...
(0Day) IBM Informix Dynamic Server SET ENVIRONMENT Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Informix Database Server. SQL query execution privileges are required to exploit this vulnerability. The specific flaw exists within the oninit process bound to TCP port 9088 when processing th...
IBM DB2 9.1 < Fix Pack 10 Multiple Vulnerabilities
According to its version, the installation of IBM DB2 9.1 running on the remote host is prior to Fix Pack 10. It is, therefore, affected by one or more of the following issues: - It is possible to execute non-DDL statements even after a user's DBADM authority has been revoked. (IC66811) - Multipl...
CVE-2010-3600
Unspecified vulnerability in the Client System Analyzer component in Oracle Database Server 11.1.0.7 and 11.2.0.1 and Enterprise Manager Grid Control 10.2.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was...
Code injection
Unspecified vulnerability in the Client System Analyzer component in Oracle Database Server 11.1.0.7 and 11.2.0.1 and Enterprise Manager Grid Control 10.2.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was...
Design/Logic Flaw
Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...
CVE-2010-4421
Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...
CVE-2010-4423
CVE-2010-4423 affects Oracle Database Server on Windows, specifically the Cluster Verify Utility component, with vulnerable installations including 10.2.0.4/10.2.0.5/11.1.0.7/11.2.0.1. The vulnerability is described as unspecified and enables local users to affect confidentiality, integrity, and ...
CVE-2010-3600
CVE-2010-3600 describes an arbitrary file upload/code execution vulnerability in Oracle Database Client System Analyzer (CSA) used by Oracle Database Server 11.1.0.7/11.2.0.1 and Enterprise Manager Grid Control 10.2.0.5. Public details indicate a vulnerable JSP that accepts XML uploads with NULL ...
MySQL: crash with LONGBLOB and union or update with subquery (MySQL Bug#54461)
MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments, which is not properly handled when the...
DSA-2143-1 mysql-dfsg-5.0 - several vulnerabilities
Bulletin has no description...
Sybase PowerDesigner Repository Proxy Detection
The remote service is a Sybase PowerDesigner Repository Proxy, which allows users to issue SQL statements via an ODBC connection to be executed on the database server.
MySQL: server hangs during JOIN query in stored procedures called twice in a row (MySQL Bug#53544)
MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (infinite loop) via multiple invocations of a (1) prepared statement or (2) stored procedure that creates a query with nested JOIN statements...
IBM Informix Dynamic Server DBINFO Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Informix Database Server. SQL query execution privileges are required to exploit this vulnerability. The specific flaw exists when processing the arguments to the DBINFO keyword in a SQL query...
CVE-2010-2412
Unspecified vulnerability in the OLAP component in Oracle Database Server 11.1.0.7 allows remote authenticated users to affect confidentiality and integrity via unknown vectors...
CVE-2010-2419
Unspecified vulnerability in the Java Virtual Machine component in Oracle Database Server 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors...
Design/Logic Flaw
Unspecified vulnerability in the Change Data Capture component in Oracle Database Server 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_CDC_PUBLISH...