Vulnerabilities > Oracle > Apex

DATE CVE VULNERABILITY TITLE RISK
2007-07-18 CVE-2007-3860 SQL-Injection vulnerability in Apex
Unspecified vulnerability in Oracle Application Express (formerly Oracle HTML DB) 2.2.0.00.32 up to 3.0.0.00.20 allows developers to have an unknown impact via unknown attack vectors, aka APEX01.
network
low complexity
oracle
7.5
7.5
2007-07-18 CVE-2007-3854 Unspecified vulnerability in Oracle products
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 allow remote authenticated users to have unknown impact via (1) SYS.DBMS_PRVTAQIS in the Advanced Queuing component (DB02) and (2) MDSYS.MD in the Spatial component (DB12).
network
low complexity
oracle
5.5
5.5
2007-03-07 CVE-2006-7158 Cross-Site Scripting vulnerability in Oracle Apex 2.0/2.1/2.2
Cross-site scripting (XSS) vulnerability in Oracle Application Express (APEX) before 2.2.1, aka Oracle HTML DB, allows remote attackers to inject arbitrary web script or HTML via the NOTIFICATION_MSG parameter.
network
oracle
4.3
4.3
2007-03-07 CVE-2006-7138 SQL Injection vulnerability in Oracle Apex 2.0/2.1
SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in the WWV_FLOW_UTILITIES package for Oracle APEX/HTMLDB before 2.2 allows remote authenticated users to execute arbitrary SQL by modifying the P_LOV parameter and calculating a matching MD5 checksum for the P_LOV_CHECKSUM parameter.
network
oracle CWE-89
6.0
6.0
2006-10-28 CVE-2006-5599 Cross-Site Scripting vulnerability in Oracle Apex 2.2
Cross-site scripting (XSS) vulnerability in Oracle Application Express (formerly HTML DB) before 2.2.1 allows remote attackers to inject arbitrary HTML or web script via the WWV_FLOW_ITEM_HELP package.
network
oracle
4.3
4.3
2006-10-18 CVE-2006-5352 Multiple vulnerability in Oracle October 2006 Security Update
Multiple unspecified vulnerabilities in Oracle Application Express 1.5 up to 1.6.1 have unknown impact and remote attack vectors, aka Vuln# (1) APEX04, (2) APEX20, and (3) APEX21.
network
low complexity
oracle
critical
 10.0
10
2006-10-18 CVE-2006-5351 Multiple vulnerability in Oracle Apex 1.5.0/2.0
Multiple unspecified vulnerabilities in Oracle Application Express (formerly Oracle HTML DB) 1.5 up to 2.0 have unknown impact and remote attack vectors, aka Vuln# (1) APEX01, (2) APEX02, (3) APEX03, (4) APEX05, (5) APEX06, (6) APEX07, (7) APEX08, (8) APEX09, (9) APEX10, (10) APEX11, (11) APEX12, (12) APEX13, (13) APEX14, (14) APEX15, (15) APEX16, (16) APEX17, (17) APEX18, (18) APEX19, (19) APEX22, (20) APEX23, (21) APEX24, (22) APEX25, (23) APEX26, (24) APEX27, (25) APEX28, (26) APEX29, (27) APEX30, (28) APEX31, (29) APEX32, (30) APEX33, (31) APEX34, and (32) APEX35.
network
low complexity
oracle
critical
 9.0
9.0