
180 matches found

securityvulns
added 2008/08/04 12:0 a.m. (62 views)

Team SHATTER Security Advisory: SQL Injection in Oracle Application Server (WWEXP_API_ENGINE)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Team SHATTER Security Advisory SQL Injection in Oracle Application Server WWEXP_API_ENGINE August 4, 2008 Risk Level: High Affected versions: Oracle Application Server 9.0.4.3, 10.1.2.2 and 10.1.4.1 Remote exploitable: Yes No authentication required...

0.8 AI score
Exploits: 0
securityvulns
added 2008/07/19 12:0 a.m. (39 views)

Oracle SQL injection lateral attacks

SQL injection into uncontrolled PL/SQL procedures is possible with e.g. modification of data format with ALTER SESSION...

3.2 AI score
Exploits: 0, References: 2
Prion
added 2008/07/15 11:41 p.m. (16 views)

Sql injection

Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3, 10.1.2.2, and 10.1.4.1 has unknown impact and remote attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims tha...

6.4 CVSS, 7.8 AI score, 0.00494 EPSS
Exploits: 0, References: 8, Affected Software: 1
erpscan
added 2008/01/29 12:0 a.m. (31 views)

Oracle Database 10G CTXSYS.DRVXTABX — PLSQL Injection

Application: Oracle Database 10G Versions Affected: Oracle 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4 Vendor URL: Bugs: PL/SQL Injections Exploits: YES Reported: 29.01.2008 Vendor response: 31.01.2008 CVE: CVE-2009-1991 SVSS2: 3.6 Date of Public Advisory: 26.10.2009 Solution: YES Non official Author:...

3.6 CVSS, 0.8 AI score, 0.00761 EPSS
Exploits: 0
NVD
added 2007/07/18 7:30 p.m. (17 views)

CVE-2007-3855

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allow remote authenticated users to have an unknown impact via (1) SYS.DBMS_DRS in the DataGuard component (DB03), (2) SYS.DBMS_STANDARD in the PL/SQL component (DB10), (3) MDSYS.RTREE_IDX in the...

6.5 CVSS, 6.6 AI score, 0.31494 EPSS
Exploits: 9, References: 17
Prion
added 2007/07/18 7:30 p.m. (13 views)

Design/Logic Flaw

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allow remote authenticated users to have an unknown impact via (1) SYS.DBMS_DRS in the DataGuard component (DB03), (2) SYS.DBMS_STANDARD in the PL/SQL component (DB10), (3) MDSYS.RTREE_IDX in the...

6.5 CVSS, 6.9 AI score, 0.31494 EPSS
Exploits: 9, References: 17, Affected Software: 1
CVE
added 2007/07/18 7:0 p.m. (52 views)

CVE-2007-3855

CVE-2007-3855 affects multiple Oracle Database versions (9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3) with vulnerabilities in the DataGuard component (SYS.DRMS), the PL/SQL component (SYS.DBMS_STANDARD), the Spatial component (MDSYS.RTREE_IDX), and the SQL Compiler (DB17). The description no...

6.5 CVSS, 6.6 AI score, 0.31494 EPSS
Exploits: 9, References: 17, Affected Software: 1
Cvelist
added 2007/07/18 7:0 p.m. (24 views)

CVE-2007-3855

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allow remote authenticated users to have an unknown impact via (1) SYS.DBMS_DRS in the DataGuard component (DB03), (2) SYS.DBMS_STANDARD in the PL/SQL component (DB10), (3) MDSYS.RTREE_IDX in the...

6.6 AI score, 0.31494 EPSS
Exploits: 9, References: 17
Exploit DB
added 2007/02/26 12:0 a.m. (40 views)

Oracle 10g Database - 'SUBSCRIPTION_NAME' SQL Injection (2)

source: https://www.securityfocus.com/bid/13236/info Oracle database is prone to an SQL-injection vulnerability because the software fails to properly sanitize user-supplied data. The 'SUBSCRIPTION_NAME' parameter is vulnerable. Packages that employ this parameter execute with 'SYS' user privilege...

7.4 AI score
Exploits: 0
exploitpack
added 2007/02/26 12:0 a.m. (20 views)

Oracle 10g Database - SUBSCRIPTION_NAME SQL Injection (2)

Oracle 10g Database - SUBSCRIPTION_NAME SQL Injection (2) source: https://www.securityfocus.com/bid/13236/info Oracle database is prone to an SQL-injection vulnerability because the software fails to properly sanitize user-supplied data. The 'SUBSCRIPTION_NAME' parameter is vulnerable. Packages that...

Exploits: 0
exploitpack
added 2007/02/23 12:0 a.m. (12 views)

Oracle 10g Database - SUBSCRIPTION_NAME SQL Injection (1)

Oracle 10g Database - SUBSCRIPTION_NAME SQL Injection (1) source: https://www.securityfocus.com/bid/13236/info Oracle database is prone to an SQL-injection vulnerability because the software fails to properly sanitize user-supplied data. The 'SUBSCRIPTION_NAME' parameter is vulnerable. Packages that...

8.6 AI score
Exploits: 0
seebug.org
added 2007/01/24 12:0 a.m. (22 views)

Oracle 10g SYS.KUPW$WORKER.MAIN PL/SQL Injection Exploit

No description provided by source. / Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006 Joxean Koret [email protected] Privileges needed: - CREATE SESSION - CREATE PROCEDURE / select from userroleprivs ; CREATE OR REPLACE FUNCTION F1 RETURN NUMBER AUTHID CURRENTUSER IS PRAGMA...

7.1 AI score
Exploits: 0
seebug.org
added 2007/01/24 12:0 a.m. (15 views)

Oracle 10g SYS.KUPV$FT.ATTACH_JOB PL/SQL Injection Exploit

No description provided by source. / Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006 Joxean Koret [email protected] Privileges needed: - EXECUTECATALOGROLE - CREATE PROCEDURE / select from userroleprivs ; CREATE OR REPLACE FUNCTION F1 RETURN NUMBER AUTHID CURRENTUSER IS PRAGMA...

7.1 AI score
Exploits: 0
seebug.org
added 2007/01/24 12:0 a.m. (17 views)

Oracle 10g SYS.DBMS_CDC_IMPDP.BUMP_SEQUENCE PL/SQL Injection

No description provided by source. / Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006 Joxean Koret [email protected] Privileges needed: - CREATE SESSION Max. Length 97. Very, very cool / select from userroleprivs ; DECLARE SEQUENCEOWNER VARCHAR2200; SEQUENCENAME VARCHAR2200; vuserid numbe...

7.1 AI score
Exploits: 0
Exploit DB
added 2007/01/23 12:0 a.m. (28 views)

Oracle 10g - SYS.DBMS_CDC_IMPDP.BUMP_SEQUENCE PL / SQL Injection

/ Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006 Joxean Koret Privileges needed: - CREATE SESSION Max. Length 97. Very, very cool / select from userroleprivs ; DECLARE SEQUENCEOWNER VARCHAR2200; SEQUENCENAME VARCHAR2200; vuserid number; vcommands VARCHAR232767; NEWVALUE NUMBER; BEGIN SELEC...

7.4 AI score
Exploits: 0
0day.today
added 2007/01/23 12:0 a.m. (27 views)

Oracle 10g SYS.KUPW$WORKER.MAIN PL/SQL Injection Exploit

Exploit for multiple platform in category local exploits ======================================================== Oracle 10g SYS.KUPW$WORKER.MAIN PL/SQL Injection Exploit ======================================================== / Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006 Joxean Koret...

6.9 AI score
Exploits: 0
Exploit DB
added 2007/01/23 12:0 a.m. (26 views)

Oracle 10g - SYS.KUPV$FT.ATTACH_JOB PL / SQL Injection

/ Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006 Joxean Koret Privileges needed: - EXECUTECATALOGROLE - CREATE PROCEDURE / select from userroleprivs ; CREATE OR REPLACE FUNCTION F1 RETURN NUMBER AUTHID CURRENTUSER IS PRAGMA AUTONOMOUSTRANSACTION; BEGIN EXECUTE IMMEDIATE 'GRANT DBA TO TEST'...

7.4 AI score
Exploits: 0
Exploit DB
added 2007/01/23 12:0 a.m. (32 views)

Oracle 10g - SYS.KUPW$WORKER.MAIN PL / SQL Injection

/ Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006 Joxean Koret Privileges needed: - CREATE SESSION - CREATE PROCEDURE / select from userroleprivs ; CREATE OR REPLACE FUNCTION F1 RETURN NUMBER AUTHID CURRENTUSER IS PRAGMA AUTONOMOUSTRANSACTION; BEGIN EXECUTE IMMEDIATE 'GRANT DBA TO TEST';...

7.4 AI score
Exploits: 0
0day.today
added 2007/01/23 12:0 a.m. (18 views)

Oracle 10g SYS.KUPV$FT.ATTACH_JOB PL/SQL Injection Exploit

Exploit for multiple platform in category local exploits. Oracle 10g SYS.KUPV$FT.ATTACH_JOB PL/SQL Injection Exploit / Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006 Joxean...

6.9 AI score
Exploits: 0
0day.today
added 2007/01/23 12:0 a.m. (15 views)

Oracle 10g SYS.DBMS_CDC_IMPDP.BUMP_SEQUENCE PL/SQL Injection

Exploit for multiple platform in category local exploits. Oracle 10g SYS.DBMS_CDC_IMPDP.BUMP_SEQUENCE PL/SQL Injection / Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006 Joxe...

6.9 AI score
Exploits: 0