Vulnerabilities > CVE-2009-1968 - Unspecified vulnerability in Oracle Database Server 10.1.8.3

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
oracle
nessus
exploit available
NVD
Published: 2009-07-14
Updated: 2024-11-21

Summary

Unspecified vulnerability in the Secure Enterprise Search component in Oracle Database 10.1.8.3 allows remote attackers to affect integrity via unknown vectors. NOTE: the previous information was obtained from the July 2009 CPU. Oracle has not commented on claims from an established researcher that this is cross-site scripting (XSS) via the search_p_groups parameter in search/query/search.

Vulnerable Configurations

Part Description Count
Application
Oracle
1

Exploit-Db

descriptionOracle 10g Secure Enterprise Search 'search_p_groups' Parameter Cross Site Scripting Vulnerability. CVE-2009-1968. Remote exploits for multiple platform
idEDB-ID:33082
last seen2016-02-03
modified2009-06-14
published2009-06-14
reporterAlexandr Polyakov
sourcehttps://www.exploit-db.com/download/33082/
titleOracle 10g Secure Enterprise Search 'search_p_groups' Parameter Cross-Site Scripting Vulnerability

Nessus

  • NASL familyCGI abuses : XSS
    NASL idORACLE_SES_SEARCH_P_GROUPS_XSS.NASL
    descriptionThe version of Oracle Secure Enterprise Search installed on the remote host fails to sanitize input to the
    last seen2020-06-01
    modified2020-06-02
    plugin id40550
    published2009-08-11
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40550
    titleOracle Database Secure Enterprise Search search/query/search search_p_groups Parameter XSS
  • NASL familyDatabases
    NASL idORACLE_RDBMS_CPU_JUL_2009.NASL
    descriptionThe remote Oracle database server is missing the July 2009 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components : - Advanced Replication - Auditing - Config Management - Core RDBMS - Listener - Network Foundation - Secure Enterprise Search - Upgrade - Visual Private Database
    last seen2020-06-02
    modified2011-11-16
    plugin id56065
    published2011-11-16
    reporterThis script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56065
    titleOracle Database Multiple Vulnerabilities (July 2009 CPU)

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/79328/DSECRG-09-025.txt
idPACKETSTORM:79328
last seen2016-12-05
published2009-07-17
reporterSh2kerr
sourcehttps://packetstormsecurity.com/files/79328/Oracle-Secure-Enterprise-Search-XSS.html
titleOracle Secure Enterprise Search XSS

References