CVE-2006-1874

Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, and 9.2.0.6 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln DB09. NOTE: Oracle has not disputed reliable claims that this issue is SQL injection in MDSYS.PRVTIDX using the 1 EXECUTEINSERT, 2...

CVE-2006-1876

The CVE relates to Oracle Database Server 9.2.0.7 and 10.1.0.4 with Oracle Spatial, where the issue is believed to be a SQL injection vulnerability in the MDSYS.SDO_PRIDX package (GEN_RID_RANGE_BY_AREA and GEN_RID_RANGE functions). Details are not publicly disclosed by Oracle; impact and attack v...

CVE-2006-1867

Unspecified vulnerability in Oracle Database Server 9.2.0.6 has unknown impact and attack vectors in the Advanced Replication component, aka Vuln DB02...

CVE-2006-1875

Unspecified vulnerability in Oracle Database Server 9.0.1.5, 9.2.0.7, and 10.1.0.5 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln DB11. NOTE: Oracle has not disputed reliable researcher claims that this issue is SQL injection in MDSYS.SDOLRSTRIGINS...

CVE-2006-1866

CVE-2006-1866 affects Oracle Database Server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5 and other versions, with unknown impact/attack vectors in (1) Advanced Replication (DB01) and (2) Oracle Spatial (DB10). Oracle reportedly did not publicly disclose details as of 20060421, but claims exist that DB01 ...

CVE-2006-1868

CVE-2006-1868 affects Oracle Database Server 10.1.0.4, where a buffer overflow in the Advanced Replication component enables database users to execute arbitrary code via the VERIFY_LOG procedure of the DBMS_SNAPSHOT_UTL package (aka Vuln# DB03). The OpenVAS/Nessus records confirm multiple referen...

CVE-2006-1872

Technical details about CVE-2006-1872 are not publicly available in the provided documents. Monitor for updates from sources in connected documents; no concrete affected products, root cause, impact, or remediation can be stated from the supplied data.

CVE-2006-1877

Technical details about CVE-2006-1877 are not provided in the supplied documents. The Oracle Spatial vulnerability is described as unspecified with unknown impact and vectors.

CVE-2006-1871

CVE-2006-1871 is a SQL injection vulnerability in Oracle Database Server (versions 9.2.0.7 and 10.1.0.5) that allows remote attackers to execute arbitrary SQL commands via the DELETE_FROM_TABLE function in the DBMS_LOGMNR_SESSION (Log Miner) package. The issue is documented with an impact assessm...

CVE-2006-1876

Unspecified vulnerability in Oracle Database Server 9.2.0.7 and 10.1.0.4 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln DB12. NOTE: details are unavailable from Oracle, but as of 20060421, they have not publicly disputed a claim by a reliable independent researche...

CVE-2006-1874

CVE-2006-1874 affects Oracle Database Server 8.1.7.4, 9.0.1.5, and 9.2.0.6 in the Oracle Spatial component (DB09). The issue is described as a SQL injection in MDSYS.PRVT_IDX via the functions EXECUTE_INSERT, EXECUTE_DELETE, EXECUTE_UPDATE, EXECUTE UPDATE, and CRT_DUMMY. OpenVAS/Nessus entries co...

CVE-2006-1873

Unspecified vulnerability in Oracle Database Server 9.2.0.7, 10.1.0.4, and 10.2.0.1 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln DB08...

CVE-2006-1873

Technical details about CVE-2006-1873 are not publicly available in the provided documents; no concrete impact, vectors, or mitigations are described. Monitor for updates as more information may be released.

CVE-2006-1870

Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.2 has unknown impact and attack vectors in the Export component, aka Vuln DB05. NOTE: details are unavailable from Oracle, but as of 20060427, they have not publicly commented on whether DB05 is th...

CVE-2006-1869

CVE-2006-1869: Unspecified vulnerability in Oracle Database Server versions 8.1.7.4 and 9.0.1.5 affects the Dictionary component (DB04). The initial description notes unknown impact and attack vectors; connected documents corroborate that this vulnerability is associated with Oracle’s Dictionary,...

CVE-2006-0435

Unspecified vulnerability in Oracle PL/SQL PLSQL, as used in Database Server DS 9.2.0.7 and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, E-Business Suite and Applications 11.5.10, and Collaboration Suite 10.1.1, 10.1.2.0, 10.1.2.1, and 9.0.4.2, allows...

CVE-2006-0435

The CVE-2006-0435 entry concerns Oracle PL/SQL Gateway/PLSQLExclusion bypass vulnerability (PLSQL01). Public sources (CERT VU and NVD) describe that the Oracle PL/SQL Gateway fails to validate HTTP requests, potentially allowing a remote attacker to bypass access controls and execute SQL commands...

CVE-2006-0435

Unspecified vulnerability in Oracle PL/SQL PLSQL, as used in Database Server DS 9.2.0.7 and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, E-Business Suite and Applications 11.5.10, and Collaboration Suite 10.1.1, 10.1.2.0, 10.1.2.1, and 9.0.4.2, allows...

CVE-2006-0261

Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unspecified impact and attack vectors, as identified by Oracle Vuln 1 DB07 in the Dictionary component and 2 DB14 in the Oracle Label Security component. NOTE: Oracle has not disputed...

Buffer overflow

Unspecified vulnerability in the Oracle HTTP Server component of Oracle Database Server 10.1.0.5 and Application Server 10.1.2.0.2 has unspecified impact and attack vectors, as identified by Oracle Vuln OHS02...