Vulnerabilities > Oracle

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ACCESS | COMPLEXITY | TAGS | RISK |
|---|---|---|---|---|---|---|---|
| 2007-03-14 | CVE-2007-1442 | Insecure Permissions vulnerability in Oracle Database Server 10.2.1/10.2.2/10.2.3 | Oracle Database 10g uses a NULL pDacl parameter when calling the SetSecurityDescriptorDacl function to create discretionary access control lists (DACLs), which allows local users to gain privileges. | local | low complexity | oracle | 7.2 |
| 2007-03-12 | CVE-2007-1420 | Remote Denial Of Service vulnerability in MySQL Single Row SubSelect | MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort function. | local | low complexity | mysql oracle | 2.1 |
| 2007-03-07 | CVE-2006-7158 | Cross-Site Scripting vulnerability in Oracle Apex 2.0/2.1/2.2 | Cross-site scripting (XSS) vulnerability in Oracle Application Express (APEX) before 2.2.1, aka Oracle HTML DB, allows remote attackers to inject arbitrary web script or HTML via the NOTIFICATION_MSG parameter. | network | | oracle | 4.3 |
| 2007-03-07 | CVE-2006-7138 | SQL Injection vulnerability in Oracle Apex 2.0/2.1 | SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in the WWV_FLOW_UTILITIES package for Oracle APEX/HTMLDB before 2.2 allows remote authenticated users to execute arbitrary SQL by modifying the P_LOV parameter and calculating a matching MD5 checksum for the P_LOV_CHECKSUM parameter. | network | | oracle CWE-89 | 6.0 |
| 2007-03-02 | CVE-2006-7067 | Local Security vulnerability in Oracle Database Server 10.2.1 | Oracle 10g R2 and possibly other versions allows remote attackers to trigger internal errors, and possibly have other impacts, via an "alter session set events" command with invalid arguments. | local | high complexity | oracle | 6.0 |
| 2007-01-23 | CVE-2007-0426 | Products Multiple vulnerability in Oracle Weblogic Portal 9.2 | BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered environment using WebLogic Portal entitlements, does not properly propagate entitlement policy changes if the changes are made on a managed server while the Administrative Server is unavailable, which might allow attackers to bypass intended restrictions. | network | | oracle | 6.8 |
| 2007-01-23 | CVE-2007-0423 | Products Multiple vulnerability in Oracle Weblogic Portal 9.2 | BEA WebLogic Portal 9.2 does not properly handle when an administrator deletes entitlements for a role, which causes other role entitlements to be "inadvertently affected," which has an unknown impact. | local | | oracle | 4.4 |
| 2007-01-17 | CVE-2007-0297 | Multiple vulnerability in Oracle January 2007 Security Update | Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.47.11 and 8.48.06 has unknown impact and attack vectors in PeopleTools, aka PSE03. | network | low complexity | oracle | 4.0 |
| 2007-01-17 | CVE-2007-0296 | Multiple vulnerability in Oracle January 2007 Security Update | Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.13, 8.47.11, and 8.48.06 has unknown impact and attack vectors in PeopleTools, aka PSE02. | local | low complexity | oracle | 2.1 |
| 2007-01-17 | CVE-2007-0295 | Multiple vulnerability in Oracle January 2007 Security Update | Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.13 and 8.47.11 has unknown impact and attack vectors in PeopleTools, aka PSE01. | network | low complexity | oracle | 7.8 |