Vulnerabilities > Oracle > Database Server > 10.1.0.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-07-18 | CVE-2007-3853 | Unspecified vulnerability in Oracle Database Server 10.1.0.5/10.2.0.3 Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.3 allow remote authenticated users to have unknown impact via (1) DBMS_JAVA_TEST in the JavaVM component (DB01), (2) Oracle Text component (DB09), and (3) MDSYS.SDO_GEOR_INT in the Spatial component (DB15). | 6.5 |
| 2007-04-18 | CVE-2007-2119 | Multiple vulnerability in Oracle Application Server and Database Server Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in the Administration Front End for Oracle Enterprise (Ultra) Search, as used in Database Server 9.2.0.8, 10.1.0.5, and 10.2.0.2, and in Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to inject arbitrary HTML or web script via the EXPTYPE parameter, aka SES01. network oracle | 6.8 |
| 2007-04-18 | CVE-2007-2115 | Multiple vulnerability in Oracle Database Server 10.1.0.5/10.2.0.2/9.2.0.7 Unspecified vulnerability in the Change Data Capture (CDC) component in Oracle Database 9.2.0.7, 10.1.0.5, and 10.2.0.2 has unknown impact and attack vectors, aka DB09. network oracle | 6.8 |
| 2007-04-18 | CVE-2007-2114 | Multiple vulnerability in Oracle April 2007 Security Update Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.2 have unknown impact and remote authenticated attack vectors, related to (1) Change Data Capture (CDC), aka DB08, and (2) Oracle Instant Client, aka DB11. | 9.0 |
| 2007-04-18 | CVE-2007-2113 | SQL Injection vulnerability in Oracle Database Server 10.1.0.5 SQL injection vulnerability in the Upgrade/Downgrade component (DBMS_UPGRADE_INTERNAL) for Oracle Database 10.1.0.5 allows remote authenticated users to execute arbitrary SQL commands via unknown vectors, aka DB07. | 7.5 |
| 2007-04-18 | CVE-2007-2112 | Multiple vulnerability in Oracle Database Server 10.1.0.5/10.2.0.3 Unspecified vulnerability in the Authentication component for Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and attack vectors, aka DB05. network oracle | 6.0 |
| 2007-04-18 | CVE-2007-2111 | SQL Injection vulnerability in Oracle Database Server 10.1.0.5/9.0.1.5/9.2.0.7 SQL injection vulnerability in the SYS.DBMS_AQADM_SYS package in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 allows remote authenticated users to inject arbitrary SQL commands via unknown vectors, aka DB04. | 6.5 |
| 2007-04-18 | CVE-2007-2108 | Permissions, Privileges, and Access Controls vulnerability in multiple products Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 on Windows allows remote attackers to have an unknown impact, aka DB01. | 6.8 |
| 2007-01-17 | CVE-2007-0278 | Multiple vulnerability in Oracle January 2007 Security Update Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) NLS Runtime and lmsgen (DB12), and (2) Oracle Text and ctxkbtc (DB14). | 6.8 |
| 2007-01-17 | CVE-2007-0275 | Cross-Site Scripting vulnerability in Oracle products Cross-site scripting (XSS) vulnerability in Oracle Reports Web Cartridge (RWCGI60) in the Workflow Cartridge component, as used in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 10.1.2; and Oracle E-Business Suite and Applications 11.5.10CU2; allows remote authenticated users to inject arbitrary HTML or web script via the genuser parameter to rwcgi60, aka OWF01. | 3.5 |