Vulnerabilities > Oracle > Low

DATE CVE VULNERABILITY TITLE RISK
2008-07-15 CVE-2008-2590 Unspecified vulnerability in Oracle products
Unspecified vulnerability in the Instance Management component in Oracle Database 10.1.0.5 and Enterprise Manager 10.1.0.6 has unknown impact and remote authenticated attack vectors.
network
oracle
3.5
2008-07-15 CVE-2008-2603 Unspecified vulnerability in Oracle Enterprise Manager 10.1.0.5/10.2.0.4/11.1.0.6
Unspecified vulnerability in the Resource Manager component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6, and Database Control in Enterprise Manager, has unknown impact and remote authenticated attack vectors.
network
oracle
3.5
2007-12-10 CVE-2007-6303 Privilege Escalation And Denial Of Service vulnerability in MySQL Server
MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.
network
mysql oracle
3.5
2007-05-16 CVE-2007-2693 Information Disclosure vulnerability in MySQL Alter Table Function
MySQL before 5.1.18 allows remote authenticated users without SELECT privileges to obtain sensitive information from partitioned tables via an ALTER TABLE statement.
network
mysql oracle
3.5
2007-05-16 CVE-2007-2702 Cross-Site Scripting vulnerability in Oracle Weblogic Portal 9.2
Cross-site scripting (XSS) vulnerability in the GroupSpace application in BEA WebLogic Portal 9.2 GA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the rich text editor.
network
oracle
3.5
2007-05-16 CVE-2007-2703 Remote Security vulnerability in Oracle Weblogic Portal 9.2
BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if an administrator provides a long role description, which might allow remote authenticated users to access privileged resources.
network
high complexity
oracle
3.6
2007-03-12 CVE-2007-1420 Remote Denial Of Service vulnerability in MySQL Single Row SubSelect
MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort function.
local
low complexity
mysql oracle
2.1
2007-01-17 CVE-2007-0275 Cross-Site Scripting vulnerability in Oracle products
Cross-site scripting (XSS) vulnerability in Oracle Reports Web Cartridge (RWCGI60) in the Workflow Cartridge component, as used in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 10.1.2; and Oracle E-Business Suite and Applications 11.5.10CU2; allows remote authenticated users to inject arbitrary HTML or web script via the genuser parameter to rwcgi60, aka OWF01.
network
oracle CWE-79
3.5
2007-01-17 CVE-2007-0282 Multiple vulnerability in Oracle products
Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.2 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN02.
local
low complexity
oracle
3.2
2007-01-17 CVE-2007-0286 Multiple vulnerability in Oracle Application Server and Collaboration Suite
Unspecified vulnerability in Oracle Application Server 10.1.2.0.2 and 10.1.3.0, and Collaboration Suite 10.1.2, has unknown impact and attack vectors related to Containers for J2EE, aka OC4J07.
network
high complexity
oracle
2.6