Vulnerabilities > Oracle > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-11-08 | CVE-2007-4517 | Buffer Errors vulnerability in Oracle Database Server Release2 Buffer overflow in the XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA procedure in Oracle 10g R2 allows remote authenticated users to execute arbitrary code via a long (1) OWNER or (2) NAME argument. | 6.0 |
| 2007-10-18 | CVE-2007-5576 | Information Exposure vulnerability in multiple products BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands. | 6.8 |
| 2007-10-17 | CVE-2007-5533 | Unspecified vulnerability in Oracle Peoplesoft Enterprise Unspecified vulnerability in the People Tools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.47.14, 8.48.13, 8.49.05 has unknown impact and remote attack vectors, aka PSE02. | 6.5 |
| 2007-10-17 | CVE-2007-5515 | Unspecified vulnerability in Oracle Database Server Unspecified vulnerability in the Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.2, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB27. | 6.5 |
| 2007-10-17 | CVE-2007-5514 | Unspecified vulnerability in Oracle Database Server 10.2.0.3 Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and attack vectors related to (1) Database Vault component (DB24) and (2) SQL Execution component (DB26). | 6.5 |
| 2007-10-17 | CVE-2007-5513 | Unspecified vulnerability in Oracle Database Server 10.1.0.5/9.2.0.8/9.2.0.8Dv The XML DB (XMLDB) component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 generates incorrect audit entries in the USERID column in which (1) long usernames are trimmed to 5 characters, or (2) short entries contain any extra characters from usernames in previous entries, aka DB23. | 5.0 |
| 2007-10-17 | CVE-2007-5511 | SQL Injection vulnerability in Oracle Database Server SQL injection vulnerability in Workspace Manager for Oracle Database before OWM 10.2.0.4.1, OWM 10.1.0.8.0, and OWM 9.2.0.8.0 allows attackers to execute arbitrary SQL commands via the FINDRICSET procedure in the LT package. | 6.5 |
| 2007-10-17 | CVE-2007-5510 | Unspecified vulnerability in Oracle Database Server Multiple unspecified vulnerabilities in the Workspace Manager component in Oracle Database before OWM 10.2.0.4.1, OWM 10.1.0.8.0, and OWM 9.2.0.8.0 have unknown impact and remote attack vectors, aka (1) DB08, (2) DB09, (3) DB10, (4) DB11, (5) DB12, (6) DB13, (7) DB14, (8) DB15, (9) DB16, (10) DB17, and (11) DB18. | 6.5 |
| 2007-10-17 | CVE-2007-5509 | Unspecified vulnerability in Oracle Database Server 9.2.0.8/9.2.0.8Dv Unspecified vulnerability in the Spatial component in Oracle Database 9.2.0.8 and 9.2.0.8DV has unknown impact and remote attack vectors, aka DB06. | 6.5 |
| 2007-10-17 | CVE-2007-5508 | SQL Injection vulnerability in Oracle Database Server 10.1.0.5/10.2.0.3 Multiple SQL injection vulnerabilities in the CTXSYS Intermedia application for the Oracle Text component (CTX_DOC) in Oracle Database 10.1.0.5 and 10.2.0.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) THEMES, (2) GIST, (3) TOKENS, (4) FILTER, (5) HIGHLIGHT, and (6) MARKUP procedures, aka DB03. | 6.5 |