Vulnerabilities > Oracle > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2008-04-16 | CVE-2008-1815 | Unspecified vulnerability in Oracle Database 10G and Database 11G | Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.3, and 11.1.0.6 has unknown impact and remote authenticated attack vectors related to DBMS_CDC_UTILITY, aka DB02. | 5.5 |
2008-04-16 | CVE-2008-1813 | Unspecified vulnerability in Oracle Database 9I and Database Server | Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote unauthenticated or authenticated attack vectors related to (1) SYS.DBMS_AQ in the Advanced Queuing component, aka DB01; (2) Core RDBMS, aka DB03; (3) SDO_GEOM in Oracle Spatial, aka DB06; (4) Export, aka DB12; and (5) DBMS_STATS in Query Optimizer, aka DB13. | 6.5 |
2008-04-16 | CVE-2008-1811 | Unspecified vulnerability in Oracle Application Express 3.0.1 | Unspecified vulnerability in Oracle Application Express 3.0.1 has unspecified impact and remote authenticated attack vectors related to flows_030000.wwv_execute_immediate, aka APEX01. | 5.5 |
2008-02-21 | CVE-2008-0868 | Cross-Site Scripting vulnerability in multiple products | Cross-site scripting (XSS) vulnerability in Groupspace in BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 1 allows remote authenticated users to inject arbitrary web script or HTML via unknown vectors. | 4.3 |
2008-02-21 | CVE-2008-0865 | Permissions, Privileges, and Access Controls vulnerability in multiple products | Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 allows remote attackers to bypass entitlements for instances of a floatable WLP portlet via unknown vectors. | 5.0 |
2008-02-21 | CVE-2008-0864 | Permissions, Privileges, and Access Controls vulnerability in multiple products | Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to bypass intended access restrictions. | 5.0 |
2007-12-18 | CVE-2007-6283 | Information Exposure vulnerability in multiple products | Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named. | 4.9 |
2007-12-10 | CVE-2007-6304 | Privilege Escalation And Denial Of Service vulnerability in MySQL Server | The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS query, allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns. | 5.0 |
2007-12-10 | CVE-2007-5970 | Remote Security vulnerability in MySQL | MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table with the same name as a table on which the user lacks privileges. | 5.8 |
2007-12-06 | CVE-2007-6260 | Credentials Management vulnerability in Oracle Database Server | The installation process for Oracle 10g and 11g uses accounts with default passwords, which allows remote attackers to obtain login access by connecting to the Listener. | 6.8 |