63 matches found
CVE-2008-1814
Technical details about CVE-2008-1814 are not provided in the supplied documents. No explicit affected products, root cause, or remediation are included here. Monitor for updates.
CVE-2006-1884
Technical details for CVE-2006-1884 are not publicly available in the provided documents. No affected product/version, impact, or remediation is described here. Monitor for updates from official advisories and vulnerability databases.
CVE-2004-1371
CVE-2004-1371 describes a stack-based buffer overflow in Oracle 9i/10g that allows remote attackers to execute arbitrary code by sending a long token in the text of a wrapped procedure. The vulnerability affects Oracle’s database/server components and can enable remote code execution with the att...
CVE-2007-0275
CVE-2007-0275 is a documented cross-site scripting (XSS) vulnerability in the Oracle Reports Web Cartridge (RWCGI60) within the Workflow Cartridge component. The issue allows remote authenticated users to inject arbitrary HTML or web script by supplying a crafted value to the genuser parameter of...
CVE-2008-0349
Technical details for CVE-2008-0349 are not publicly provided in the supplied documents; information about affected versions, root cause, impact, and remediation is not disclosed here. Monitor for updates.
CVE-2004-1363
CVE-2004-1363 : The provided data confirms a buffer overflow in the extproc component of Oracle 10g. An attacker can trigger remote code execution by manipulating environment variables in the library name, which are expanded after the length check. The vulnerability is described as enabling remot...
CVE-2008-0345
CVE-2008-0345 : The Connected documents confirm an unspecified vulnerability in the Core RDBMS component of Oracle Database 11.1.0.6. The description provides no detail on the exact affected sub-component, root cause, impact, or exploitation method, only stating “unknown impact” and “remote attac...
CVE-2008-0346
Technical details about CVE-2008-0346 are not publicly provided in the supplied connected documents. The entries reference Oracle Application Server Jinitiator but do not specify vulnerable components, versions, impact, or fixes. Monitor for updates.
CVE-2007-3854
CVE-2007-3854 affects Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5. The entry documents multiple unspecified vulnerabilities allowing remote authenticated users to impact system via two components: the Advanced Queuing component (DB02) and the Spatial component (DB12). The description notes th...
CVE-2008-0347
CVE-2008-0347 concerns an unspecified vulnerability in the Oracle Ultra Search component of Oracle Collaboration Suite 10.1.2, and in related Database 9.2.0.8, 10.1.0.5, 10.2.0.3, and Application Server 9.0.4.3 and 10.1.2.0.2. The issue is described as having unknown impact and local attack vecto...
CVE-2007-5526
Technical details about CVE-2007-5526 are not publicly provided in the supplied documents; no affected product/version or impact specifics are stated. Monitor for updates.
CVE-2004-1364
CVE-2004-1364 is an Oracle extproc directory traversal vulnerability affecting Oracle 9i and 10g. The flaw allows remote attackers to access arbitrary libraries outside the $ORACLE_HOME/bin directory by leveraging the extproc mechanism, potentially executing OS commands with the privileges of the...
CVE-2008-0343
CVE-2008-0343 concerns an unspecified vulnerability in the Oracle Spatial component affecting Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, and 10.1.0.5. The description notes unknown impact and remote attack vectors (DB06). Public references list multiple advisories; the NVD entry assigns a...
CVE-2004-1369
CVE-2004-1369 concerns the TNS Listener in Oracle 10g. The vulnerability allows remote attackers to cause a denial of service (listener crash) by sending a malformed service_register_NSGR request, where a value is used as an invalid offset for a pointer that references incorrect memory. The prima...
CVE-2004-1366
CVE-2004-1366 affects Oracle 10g Database Server, where the password for the SYSMAN account is stored in cleartext in the world-readable emoms.properties file. This local-access weakness could allow unprivileged or local users to gain DBA privileges. No explicit remediation version or patch is pr...
CVE-2004-1367
CVE-2004-1367 affects Oracle 10g Database Server. When installed with a password containing an exclamation point for the DBSNMP or SYSMAN user, an error is logged to the world‑readable postDBCreation.log, potentially exposing the password to local users who could use it against SYS or SYSTEM acco...
CVE-2004-1365
CVE-2004-1365 affects Oracle 9i/10g extproc. The vulnerability allows local users to load a library or execute a function without authentication, enabling arbitrary commands to run as the Oracle user. This is documented in the NVD entry and reflected in related Nessus/NVD references.
CVE-2006-0552
Technical details about CVE-2006-0552 (affected Oracle Net Listener, impact, exploitability, and fix) are not publicly provided in the supplied documents; monitor for official advisories for concrete information.
CVE-2004-1370
CVE-2004-1370 is a set of confirmed SQL injection vulnerabilities in Oracle 9i/10g that affect PL/SQL procedures running with definer rights. The flaws allow remote attackers to execute arbitrary SQL commands and potentially gain privileges via the following procedures: DBMS_EXPORT_EXTENSION, WK_...
CVE-2007-2130
CVE-2007-2130 describes an unspecified vulnerability in Oracle’s Workflow Cartridge affecting Oracle Database Server (9.2.0.1, 10.1.0.2, 10.2.0.1), Application Server (9.0.4.3, 10.1.2.0.2), Collaboration Suite (10.1.2), and E-Business Suite. The description indicates unknown impact and remote aut...
CVE-2008-0340
CVE-2008-0340 concerns Oracle Database with multiple unspecified vulnerabilities affecting the Advanced Queuing (DB02) and Oracle Spatial (DB04) components across several versions (e.g., 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3). The description notes unknown impact and remote attack...
CVE-2008-0344
Technical details about CVE-2008-0344 are not publicly available in the provided documents. The records note an unspecified vulnerability in the Oracle Spatial component with unknown impact; monitor for updates.
CVE-2006-5361
Technical details for CVE-2006-5361 are not publicly provided in the supplied documents; monitor for updates.
CVE-2006-0282
Technical details for CVE-2006-0282 are not publicly provided in the supplied documents. Monitor for updates from official advisories; the OpenVAS/Nessus entries reference the CVE but do not list affected versions, vectors, or fixes.
CVE-2007-0280
CVE-2007-0280 describes a buffer overflow in Oracle Process Mgmt & Notification (OPMN01) affecting Oracle HTTP Server 9.0.1.5; Application Server 9.0.4.3 and 10.1.2.x; and Collaboration Suite 9.0.4.2 and 10.1.2. Oracle notes in the description that OPMN01 is believed to be the ONS buffer overflow...
CVE-2004-1362
CVE-2004-1362 affects the PL/SQL module of the Oracle HTTP Server in Oracle Application Server 10g when using the WE8ISO8859P1 character set. The issue is a character conversion flaw that allows remote attackers to bypass access restrictions for certain procedures via an encoded URL containing “%...
CVE-2004-1368
The CVE-2004-1368 entry affects Oracle ISQL*Plus in Oracle 10g Application Server. The vulnerability allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script, enabling potential arbitrary-file execution on the affected server. The ac...
CVE-2007-0282
Concrete details exist in connected documents for the Oracle Process Mgmt & Notification (OPMN) component: a format string vulnerability in the OPMN daemon used by Oracle Grid/Enterprise components (e.g., 10.2.0.1) that can be exploited by crafting the URI in an HTTP request to port 6003, enablin...
CVE-2008-0348
Technical details for CVE-2008-0348 are not publicly available in the provided documents. Monitor for updates in the connected sources.
CVE-2006-5356
Technical details for CVE-2006-5356 are not publicly provided in the supplied documents. Monitor for updates from vendors and security advisories.
CVE-2007-0285
CVE-2007-0285 affects Oracle software including Application Server (9.0.4.3, 10.1.2.0.2, 10.1.2.2), Collaboration Suite (9.0.4.2, 10.1.2), and E-Business Suite/Applications 11.5.10CU2, with the vulnerability tied to Oracle Reports Developer (REP01). The description notes an unspecified vulnerabil...
CVE-2007-3859
Technical details for CVE-2007-3859 are not publicly available in the provided documents. No specifics on affected product version, root cause, or impact are given here; monitor for updates.
CVE-2007-2125
Technical details (affected components, root cause, impact, or fixes) for CVE-2007-2125 are not publicly provided in the supplied documents. Monitor for updates.
CVE-2007-3861
Technical details for CVE-2007-3861 are not publicly available in the provided documents; no specific affected products, root cause, or remediation are given. Monitor for official updates.
CVE-2006-5364
Technical details for CVE-2006-5364 are not publicly available in the provided documents; monitor for updates from official advisories.
CVE-2007-0287
Technical details are not publicly available in the provided documents for CVE-2007-0287; no affected products, impact, or remediation are specified here. Monitor for updates.
CVE-2006-5348
Technical details for CVE-2006-5348 are not publicly provided in the supplied documents. Available records reference the vulnerability but do not specify affected products, root cause, or fixes. Monitor for updates.
CVE-2006-5354
Technical details for CVE-2006-5354 are not publicly provided in the supplied documents. No affected products, impact, or remediation are specified here; monitor for updates and additional technical disclosures.
CVE-2006-1879
Technical details (root cause, impact, affected components/versions, exploit vectors) are not publicly available in the provided documents. Monitor for updates for more concrete information about CVE-2006-1879.
CVE-2007-0286
CVE-2007-0286 affects Oracle Application Server 10.1.2.0.2 and 10.1.3.0, and Collaboration Suite 10.1.2, with an unspecified vulnerability in Containers for J2EE (OC4J07). The initial description notes unknown impact and attack vectors; no concrete exploit details, affected subcomponents, version...
CVE-2007-0281
Public documents provided do not include concrete technical details (affected product, root cause, exploit vectors, or remediation) for CVE-2007-0281; monitor for updates.
CVE-2007-0283
Technical details for CVE-2007-0283 are not provided in the connected documents; the entries cite an unspecified vulnerability related to Oracle Containers for J2EE (OC4J02). Monitor for updates.
CVE-2007-3863
Technical details for CVE-2007-3863 are not publicly provided in the supplied documents. No explicit affected versions, root cause, impact, or remediation are described here. Monitor for updates from Oracle advisories and security feeds.
CVE-2007-5524
Technical details for CVE-2007-5524 are not publicly provided in the supplied documents; no specific affected products/versions, root cause, or remediation are disclosed. Monitor for updates.
CVE-2007-5525
Technical details about CVE-2007-5525 are not provided in the supplied documents; the entries describe an unspecified vulnerability without impact or vectors. Monitor for updates.
CVE-2005-3454
Technical details are not publicly available in the provided documents for CVE-2005-3454. No specifics on affected products, impact, or remediation are supplied. Monitor for updates.
CVE-2006-0276
CVE-2006-0276 applies to Oracle Collaboration Suite Release 2 (Oracle9i), version 9.0.4.2, with multiple unspecified vulnerabilities across several components (Email Server; Wireless & Voice; Content Management SDK; Content Services). The available documents do not specify affected subcomponents ...
CVE-2006-0283
CVE-2006-0283 refers to an unspecified vulnerability in Oracle products (Database Server 10.1.0.4.2, Application Server 10.1.2.0.2, Collaboration Suite Release 2) and Oracle9i (9.0.4.2), linked to Oracle Vuln# DBC02 in the Reorganize Objects & Convert Tablespace component. Public descriptions do ...
CVE-2006-0290
Technical details for CVE-2006-0290 are not publicly disclosed in the provided documents; the entries only note an unspecified vulnerability in the Oracle Workflow Cartridge. Monitor for updates.
CVE-2006-0291
Technical details for CVE-2006-0291 are not publicly available in the provided documents. Affected Oracle components are listed but no concrete root cause, impact, or fix information is disclosed here; monitor for updates.