Multiple SQL injection vulnerabilities in Oracle Enterprise Manager. Risk level: high. Remotely exploitable; authentication is required. Vulnerable versions include Oracle Enterprise Manager Database Control 11 and Oracle Enterprise Manager 10g Grid Control 10.2.0.4. The SQL injection allows additional SQL statements to be added. Affected web pages include /em/console/ecm/history/configHistory and /em/console/ecm/config/compare/compareWizSecondConfig. This allows execution of a function with the elevated privileges of the SYSMAN database user. A patch is available at Oracle Metalink.
Reporter | Title | Published | Views | Family |
---|---|---|---|---|
Cvelist | CVE-2009-1966 | 14 Jul 2009 23:00 | – | cvelist |
Cvelist | CVE-2009-1967 | 14 Jul 2009 23:00 | – | cvelist |
Prion | Code injection | 14 Jul 2009 23:30 | – | prion |
Prion | Code injection | 14 Jul 2009 23:30 | – | prion |
NVD | CVE-2009-1966 | 14 Jul 2009 23:30 | – | nvd |
NVD | CVE-2009-1967 | 14 Jul 2009 23:30 | – | nvd |
CVE | CVE-2009-1967 | 14 Jul 2009 23:30 | – | cve |
CVE | CVE-2009-1966 | 14 Jul 2009 23:30 | – | cve |
Tenable Nessus | Oracle Database Multiple Vulnerabilities (July 2009 CPU) | 16 Nov 2011 00:00 | – | nessus |
securityvulns | Oracle quarterly security update | 16 Feb 2010 00:00 | – | securityvulns |