Apex Security Vulnerabilities and Issues — Apex CVE List

Lucene search

OracleApex

7 matches found

CVE•added 2007/07/18 7:30 p.m.•71 views

CVE-2007-3854

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 allow remote authenticated users to have unknown impact via (1) SYS.DBMS_PRVTAQIS in the Advanced Queuing component (DB02) and (2) MDSYS.MD in the Spatial component (DB12). NOTE: Oracle has not disputed reliable...

5.5CVSS9.4AI score0.06576EPSS

CVE•added 2006/10/18 1:7 a.m.•46 views

CVE-2006-5351

Multiple unspecified vulnerabilities in Oracle Application Express (formerly Oracle HTML DB) 1.5 up to 2.0 have unknown impact and remote attack vectors, aka Vuln# (1) APEX01, (2) APEX02, (3) APEX03, (4) APEX05, (5) APEX06, (6) APEX07, (7) APEX08, (8) APEX09, (9) APEX10, (10) APEX11, (11) APEX12, (...

9CVSS5.7AI score0.00956EPSS

CVE•added 2007/03/07 8:19 p.m.•45 views

CVE-2006-7138

SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in the WWV_FLOW_UTILITIES package for Oracle APEX/HTMLDB before 2.2 allows remote authenticated users to execute arbitrary SQL by modifying the P_LOV parameter and calculating a matching MD5 checksum for the P_LOV_CHECKSUM parameter. ...

6CVSS7.3AI score0.00956EPSS

CVE•added 2007/03/07 8:19 p.m.•43 views

CVE-2006-7158

Cross-site scripting (XSS) vulnerability in Oracle Application Express (APEX) before 2.2.1, aka Oracle HTML DB, allows remote attackers to inject arbitrary web script or HTML via the NOTIFICATION_MSG parameter. NOTE: it is likely that this issue overlaps one of the identifiers in CVE-2006-5351.

4.3CVSS5.4AI score0.00956EPSS

CVE•added 2006/10/18 1:7 a.m.•37 views

CVE-2006-5352

Multiple unspecified vulnerabilities in Oracle Application Express 1.5 up to 1.6.1 have unknown impact and remote attack vectors, aka Vuln# (1) APEX04, (2) APEX20, and (3) APEX21.

10CVSS6.5AI score0.00958EPSS

CVE•added 2006/10/28 1:7 a.m.•33 views

CVE-2006-5599

Cross-site scripting (XSS) vulnerability in Oracle Application Express (formerly HTML DB) before 2.2.1 allows remote attackers to inject arbitrary HTML or web script via the WWV_FLOW_ITEM_HELP package. NOTE: it is likely that this issue overlaps one of the Oracle VulnIDs covered by CVE-2006-5351. O...

4.3CVSS5.3AI score0.01502EPSS

CVE•added 2007/07/18 7:30 p.m.•29 views

CVE-2007-3860

Unspecified vulnerability in Oracle Application Express (formerly Oracle HTML DB) 2.2.0.00.32 up to 3.0.0.00.20 allows developers to have an unknown impact via unknown attack vectors, aka APEX01. NOTE: a reliable researcher states that this is SQL injection in the wwv_flow_security.check_db_passwor...

7.5CVSS7AI score0.01389EPSS