Vulnerabilities > Oracle
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-05-16 | CVE-2007-2703 | Remote Security vulnerability in Oracle Weblogic Portal 9.2: BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if an administrator provides a long role description, which might allow remote authenticated users to access privileged resources. | 3.6 |
2007-05-16 | CVE-2007-2702 | Cross-Site Scripting vulnerability in Oracle Weblogic Portal 9.2: Cross-site scripting (XSS) vulnerability in the GroupSpace application in BEA WebLogic Portal 9.2 GA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the rich text editor. | 3.5 |
2007-05-16 | CVE-2007-2693 | Information Disclosure vulnerability in MySQL Alter Table Function: MySQL before 5.1.18 allows remote authenticated users without SELECT privileges to obtain sensitive information from partitioned tables via an ALTER TABLE statement. | 3.5 |
2007-05-16 | CVE-2007-2692 | Privilege Escalation vulnerability in MySQL Security Invoker: The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges. | 6.0 |
2007-05-10 | CVE-2007-2583 | The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference. | 4.0 |
2007-04-24 | CVE-2007-2170 | Unspecified vulnerability in Oracle E-Business Suite: The APPLSYS.FND_DM_NODES package in Oracle E-Business Suite does not check for valid sessions, which allows remote attackers to delete arbitrary nodes. | 9.4 |
2007-04-24 | CVE-2007-2135 | Unspecified vulnerability in Oracle E-Business Suite: The ADI_BINARY component in the Oracle E-Business Suite allows remote attackers to download arbitrary documents from the APPS.FND_DOCUMENTS table via the ADI_DISPLAY_REPORT function, when passed a certain parameter. | 7.8 |
2007-04-18 | CVE-2007-2134 | Multiple vulnerability in Oracle April 2007 Security Update: Unspecified vulnerability in the HTML Server in Oracle JD Edwards EnterpriseOne SP23_Q1 and 8.96.I1 has unknown impact and local attack vectors, aka JDE01. | 7.2 |
2007-04-18 | CVE-2007-2133 | Multiple vulnerability in Oracle Peoplesoft Enterprise 8.9: Unspecified vulnerability in the PeopleSoft Enterprise Human Capital Management component in Oracle PeopleSoft Enterprise 8.9 has unknown impact and attack vectors, aka PSEHCM01. | 10.0 |
2007-04-18 | CVE-2007-2132 | Multiple vulnerability in Oracle Peoplesoft Enterprise 8.47.12/8.48.08: Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise 8.47.12 and 8.48.08 has unknown impact and attack vectors, aka PSE02. | 10.0 |