22 matches found
Oracle APEX Sample Applications (Brookstrut) (CVE-2026-21931)
The remote host is affected by a vulnerability in the Oracle APEX Sample Applications product of Oracle APEX component: Brookstrut Sample App as referenced in the January 2026 Oracle Critical Patch Update CPU advisory. - Vulnerability in the Oracle APEX Sample Applications product of Oracle APEX...
EUVD-2026-3578
Vulnerability in the Oracle APEX Sample Applications product of Oracle APEX component: Brookstrut Sample App. Supported versions that are affected are 23.2.0, 23.2.1, 24.1.0, 24.2.0 and 24.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...
CVE-2026-21931
Vulnerability in the Oracle APEX Sample Applications product of Oracle APEX component: Brookstrut Sample App. Supported versions that are affected are 23.2.0, 23.2.1, 24.1.0, 24.2.0 and 24.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...
CVE-2026-21931
Vulnerability in the Oracle APEX Sample Applications product of Oracle APEX component: Brookstrut Sample App. Supported versions that are affected are 23.2.0, 23.2.1, 24.1.0, 24.2.0 and 24.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...
CVE-2026-21931
Vulnerability in the Oracle APEX Sample Applications product of Oracle APEX component: Brookstrut Sample App. Supported versions that are affected are 23.2.0, 23.2.1, 24.1.0, 24.2.0 and 24.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...
Oracle APEX security vulnerabilities
Oracle APEX is a low-code development platform provided by Oracle, a company based in the United States. There are security vulnerabilities in the Oracle APEX Sample Applications versions 23.2.0, 23.2.1, 24.1.0, 24.2.0, and 24.2.1. These vulnerabilities allow attackers with low privileges to acce...
EUVD-2006-7120
Malware in sbrugna...
openVIVA c2 20220101 Cross Site Scripting
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Stored Cross-Site Scripting product: mb Support broker management solution openVIVA c2 vulnerable version: 20220801 CVE number: CVE-2022-39172 impact: Medium homepage:...
CVE-2023-21974
Vulnerability in the Application Express Team Calendar Plugin product of Oracle Application Express component: User Account. Supported versions that are affected are Application Express Team Calendar Plugin: 18.2-22.1. Easily exploitable vulnerability allows low privileged attacker with network...
U.S. Dept Of Defense: Endpoint Redirects to Admin Page and Provides Admin role
The web application running on Oracle Apex Express platform was found to have an endpoint that redirected users to the admin page and provided them with admin privileges, bypassing access control restrictions. The vulnerability was discovered by navigating to a specific page within the applicatio...
Node.js third-party modules: [apex-publish-static-files] Command Injection on connectString
I would like to report a command injection vulnerability in the apex-publish-static-files npm module. It allows arbitrary shell command execution through a maliciously crafted argument. Module module name: apex-publish-static-files version: 2.0.0 npm page:...
Oracle Application Express (Apex) CVE-2010-0892
An unspecified vulnerability in version 3.2 of the Application Express component of Oracle Database Server allows remote attackers to affect integrity via unknown vectors. --------------------------------------------------------------------------------- c Recx Ltd 2009-2012 http://www.recx.co.uk/...
Oracle APEX 3.2 Unprivileged DB users can see APEX password hashes
No description provided by source. Unprivileged DB users can see APEX password hashes in FLOWS030000.WWVFLOWUSER CVE-2009-0981 Name Unprivileged DB users can see APEX password hashes in FLOWS030000.WWVFLOWUSER CVE-2009-0981 Systems Affected APEX 3.0 optional component of 11.1.0.7 installation...
Unprivileged DB users can see APEX password hashes
Name Unprivileged DB users can see APEX password hashes Systems Affected APEX 3.0 optional component of 11.1.0.7 installation Severity High Risk Category Password Disclosure Vendor URL http://www.oracle.com/ Author Alexander Kornbrust ak at red-database-security.com CVE CVE-2009-0981 Advisory 14...
Oracle APEX 3.2 - Unprivileged DB users can see APEX Password hashes
Oracle APEX 3.2 - Unprivileged DB users can see APEX Password hashes Unprivileged DB users can see APEX password hashes in FLOWS030000.WWVFLOWUSER CVE-2009-0981 Name Unprivileged DB users can see APEX password hashes in FLOWS030000.WWVFLOWUSER CVE-2009-0981 Systems Affected APEX 3.0 optional...
Oracle APEX 3.2 Unprivileged DB users can see APEX password hashes
Exploit for multiple platform in category local exploits ================================================================== Oracle APEX 3.2 Unprivileged DB users can see APEX password hashes ================================================================== Unprivileged DB users can see APEX...
Oracle APEX 3.2 - Unprivileged DB users can see APEX Password hashes
Unprivileged DB users can see APEX password hashes in FLOWS030000.WWVFLOWUSER CVE-2009-0981 Name Unprivileged DB users can see APEX password hashes in FLOWS030000.WWVFLOWUSER CVE-2009-0981 Systems Affected APEX 3.0 optional component of 11.1.0.7 installation Severity High Risk Category Password...
CVE-2006-7138
SQL injection vulnerability in wwvflowutilities.genpopuplist in the WWVFLOWUTILITIES package for Oracle APEX/HTMLDB before 2.2 allows remote authenticated users to execute arbitrary SQL by modifying the PLOV parameter and calculating a matching MD5 checksum for the PLOVCHECKSUM parameter. NOTE: i...
CVE-2006-7158
Cross-site scripting XSS vulnerability in Oracle Application Express APEX before 2.2.1, aka Oracle HTML DB, allows remote attackers to inject arbitrary web script or HTML via the NOTIFICATIONMSG parameter. NOTE: it is likely that this issue overlaps one of the identifiers in CVE-2006-5351...
CVE-2006-7138
SQL injection vulnerability in wwvflowutilities.genpopuplist in the WWVFLOWUTILITIES package for Oracle APEX/HTMLDB before 2.2 allows remote authenticated users to execute arbitrary SQL by modifying the PLOV parameter and calculating a matching MD5 checksum for the PLOVCHECKSUM parameter. NOTE: i...