Apex@* Security Vulnerabilities and Issues — Apex@* CVE List

Lucene search

OracleApex*

3 matches found

CVE•added 2007/03/07 8:19 p.m.•45 views

CVE-2006-7138

SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in the WWV_FLOW_UTILITIES package for Oracle APEX/HTMLDB before 2.2 allows remote authenticated users to execute arbitrary SQL by modifying the P_LOV parameter and calculating a matching MD5 checksum for the P_LOV_CHECKSUM parameter. ...

6CVSS7.3AI score0.00956EPSS

CVE•added 2007/03/07 8:19 p.m.•43 views

CVE-2006-7158

Cross-site scripting (XSS) vulnerability in Oracle Application Express (APEX) before 2.2.1, aka Oracle HTML DB, allows remote attackers to inject arbitrary web script or HTML via the NOTIFICATION_MSG parameter. NOTE: it is likely that this issue overlaps one of the identifiers in CVE-2006-5351.

4.3CVSS5.4AI score0.00956EPSS

CVE•added 2007/07/18 7:30 p.m.•29 views

CVE-2007-3860

Unspecified vulnerability in Oracle Application Express (formerly Oracle HTML DB) 2.2.0.00.32 up to 3.0.0.00.20 allows developers to have an unknown impact via unknown attack vectors, aka APEX01. NOTE: a reliable researcher states that this is SQL injection in the wwv_flow_security.check_db_passwor...

7.5CVSS7AI score0.01389EPSS