Vulnerabilities > Oracle > Medium

DATE CVE VULNERABILITY TITLE RISK
2007-04-18 CVE-2007-2109 Multiple vulnerabilities in Oracle Database Server 10.2.0.3
Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) Rules Manager and Expression Filter components (DB02) and (2) Oracle Streams (DB06).
network
oracle
6.0
2007-04-18 CVE-2007-2108 Permissions, Privileges, and Access Controls vulnerability in multiple products
Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 on Windows allows remote attackers to have an unknown impact, aka DB01.
6.8
2007-03-22 CVE-2007-1609 Cross-Site Scripting vulnerability in Oracle Application Server 10.1.2.0.0
Cross-site scripting (XSS) vulnerability in servlet/Spy in Dynamic Monitoring Services (DMS) in Oracle Application Server (OAS) 10g 10.1.2.0.0 allows remote attackers to inject arbitrary web script or HTML via the table parameter.
network
oracle
4.3
2007-03-19 CVE-2007-1506 Cross-Site Scripting vulnerability in Oracle Portal P_OldURL Parameter
Cross-site scripting (XSS) vulnerability in PORTAL.wwv_main.render_warning_screen in the Oracle Portal 10g allows remote attackers to inject arbitrary web script or HTML via the (1) p_oldurl and (2) p_newurl parameters.
network
oracle
4.3
2007-03-07 CVE-2006-7158 Cross-Site Scripting vulnerability in Oracle Apex 2.0/2.1/2.2
Cross-site scripting (XSS) vulnerability in Oracle Application Express (APEX) before 2.2.1, aka Oracle HTML DB, allows remote attackers to inject arbitrary web script or HTML via the NOTIFICATION_MSG parameter.
network
oracle
4.3
2007-03-07 CVE-2006-7138 SQL Injection vulnerability in Oracle Apex 2.0/2.1
SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in the WWV_FLOW_UTILITIES package for Oracle APEX/HTMLDB before 2.2 allows remote authenticated users to execute arbitrary SQL by modifying the P_LOV parameter and calculating a matching MD5 checksum for the P_LOV_CHECKSUM parameter.
network
oracle CWE-89
6.0
2007-03-02 CVE-2006-7067 Local Security vulnerability in Oracle Database Server 10.2.1
Oracle 10g R2 and possibly other versions allows remote attackers to trigger internal errors, and possibly have other impacts, via an "alter session set events" command with invalid arguments.
local
high complexity
oracle
6.0
2007-01-23 CVE-2007-0426 Multiple vulnerabilities in Oracle WebLogic Portal 9.2
BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered environment using WebLogic Portal entitlements, does not properly propagate entitlement policy changes if the changes are made on a managed server while the Administrative Server is unavailable, which might allow attackers to bypass intended restrictions.
network
oracle
6.8
2007-01-23 CVE-2007-0423 Multiple vulnerabilities in Oracle WebLogic Portal 9.2
BEA WebLogic Portal 9.2 does not properly handle the case in which an administrator deletes entitlements for a role, which causes other role entitlements to be "inadvertently affected," which has an unknown impact.
local
oracle
4.4
2007-01-17 CVE-2007-0297 Multiple vulnerabilities in Oracle January 2007 Security Update
Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.47.11 and 8.48.06 has unknown impact and attack vectors in PeopleTools, aka PSE03.
network
low complexity
oracle
4.0