Vulnerabilities > Oracle > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-07-18 | CVE-2007-3859 | Remote Security vulnerability in Oracle products Unspecified vulnerability in the Oracle Internet Directory component for Oracle Database 9.2.0.8 and 9.2.0.8DV; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; and Collaboration Suite 10.1.2 has unknown impact and remote attack vectors, aka OID01. | 7.5 |
| 2007-07-18 | CVE-2007-3858 | Remote Security vulnerability in Oracle Database Server 10.2.0.3 Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 allow remote authenticated users to have an unknown impact via (1) EXFSYS.DBMS_RLMGR_UTL in Rules Manager (DB11) and (2) Program Interface (DB13). | 7.5 |
| 2007-04-24 | CVE-2007-2135 | Unspecified vulnerability in Oracle E-Business Suite The ADI_BINARY component in the Oracle E-Business Suite allows remote attackers to download arbitrary documents from the APPS.FND_DOCUMENTS table via the ADI_DISPLAY_REPORT function, when passed a certain parameter. | 7.8 |
| 2007-04-18 | CVE-2007-2134 | Multiple vulnerability in Oracle April 2007 Security Update Unspecified vulnerability in the HTML Server in Oracle JD Edwards EnterpriseOne SP23_Q1 and 8.96.I1 has unknown impact and local attack vectors, aka JDE01. | 7.2 |
| 2007-04-18 | CVE-2007-2120 | Resource Management Errors vulnerability in Oracle Application Server 10.1.2.0.2/10.1.2.2/9.0.4.3 The Oracle Discoverer servlet in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to shut down an Oracle TNS Listener via a TNS STOP command in a request that uses the database/TNS alias, aka AS01. | 7.8 |
| 2007-04-18 | CVE-2007-2118 | Multiple vulnerability in Oracle April 2007 Security Update Unspecified vulnerability in the Upgrade/Downgrade component of Oracle Database 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors, aka DB13. | 7.5 |
| 2007-04-18 | CVE-2007-2113 | SQL Injection vulnerability in Oracle Database Server 10.1.0.5 SQL injection vulnerability in the Upgrade/Downgrade component (DBMS_UPGRADE_INTERNAL) for Oracle Database 10.1.0.5 allows remote authenticated users to execute arbitrary SQL commands via unknown vectors, aka DB07. | 7.5 |
| 2007-03-14 | CVE-2007-1442 | Insecure Permissions vulnerability in Oracle Database Server 10.2.1/10.2.2/10.2.3 Oracle Database 10g uses a NULL pDacl parameter when calling the SetSecurityDescriptorDacl function to create discretionary access control lists (DACLs), which allows local users to gain privileges. | 7.2 |
| 2007-01-17 | CVE-2007-0295 | Multiple vulnerability in Oracle January 2007 Security Update Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.13 and 8.47.11 has unknown impact and attack vectors in PeopleTools, aka PSE01. | 7.8 |
| 2007-01-17 | CVE-2007-0292 | Multiple vulnerability in Oracle Enterprise Manager 10.1.0.5 Multiple unspecified vulnerabilities in Oracle Enterprise Manager 10.1.0.5 have unknown impact and attack vectors related to Oracle Agent, aka (1) EM01 and (2) EM02. | 7.5 |