Vulnerabilities > Oracle > Medium

DATE CVE VULNERABILITY TITLE RISK
2007-07-03 CVE-2007-3553 Cross-Site Scripting vulnerability in Oracle Application Server and Rapid Install Web Server
Cross-site scripting (XSS) vulnerability in Rapid Install Web Server in Oracle Application Server 11i allows remote attackers to inject arbitrary web script or HTML via a URL to the "Secondary Login Page", as demonstrated using (1) pls/ and (2) pls/MSBEP004/.
network
oracle
4.3
2007-06-30 CVE-2007-3503 Cross-Site Scripting vulnerability in Oracle JDK 1.5.0/1.6.0
The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML documentation pages that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
oracle CWE-79
4.3
2007-05-16 CVE-2007-2692 Privilege Escalation vulnerability in MySQL Security Invoker
The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges.
network
mysql oracle
6.0
2007-05-10 CVE-2007-2583
The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference.
network
low complexity
oracle debian canonical
4.0
2007-04-18 CVE-2007-2119 Multiple vulnerabilities in Oracle Application Server and Database Server
Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in the Administration Front End for Oracle Enterprise (Ultra) Search, as used in Database Server 9.2.0.8, 10.1.0.5, and 10.2.0.2, and in Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to inject arbitrary HTML or web script via the EXPTYPE parameter, aka SES01.
network
oracle
6.8
2007-04-18 CVE-2007-2117 Multiple vulnerabilities in Oracle Database Server 9.2.0.5
Unspecified vulnerability in the Oracle Text component in Oracle Database 9.0.1.5+ and 9.2.0.5 has unknown impact and attack vectors, aka DB12.
local
low complexity
oracle
6.8
2007-04-18 CVE-2007-2115 Multiple vulnerabilities in Oracle Database Server 10.1.0.5/10.2.0.2/9.2.0.7
Unspecified vulnerability in the Change Data Capture (CDC) component in Oracle Database 9.2.0.7, 10.1.0.5, and 10.2.0.2 has unknown impact and attack vectors, aka DB09.
network
oracle
6.8
2007-04-18 CVE-2007-2112 Multiple vulnerabilities in Oracle Database Server 10.1.0.5/10.2.0.3
Unspecified vulnerability in the Authentication component for Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and attack vectors, aka DB05.
network
oracle
6.0
2007-04-18 CVE-2007-2111 SQL Injection vulnerability in Oracle Database Server 10.1.0.5/9.0.1.5/9.2.0.7
SQL injection vulnerability in the SYS.DBMS_AQADM_SYS package in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 allows remote authenticated users to inject arbitrary SQL commands via unknown vectors, aka DB04.
network
low complexity
oracle CWE-89
6.5
2007-04-18 CVE-2007-2110 Multiple vulnerabilities in Oracle Database Server 10.1.0.4/9.0.1.5/9.2.0.7
Unspecified vulnerability in the Core RDBMS component for Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.4 on Windows systems has unknown impact and attack vectors, aka DB03.
4.4