Vulnerabilities > Oracle > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-01-17 | CVE-2007-0276 | Multiple vulnerability in Oracle Database Server 8.1.7.4/9.0.1.5 Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4 and 9.0.1.5 have unknown impact and attack vectors related to (1) Advanced Security Option and oklist or okdstry (DB10), (2) Oracle Net Services (DB13), and (3) Recovery Manager and oklist (DB16). | 6.8 |
2007-01-17 | CVE-2007-0274 | Multiple vulnerability in Oracle Database Server 10.1.0.5/9.2.0.7 Multiple unspecified vulnerabilities in Oracle Database 9.2.0.7 and 10.1.0.5 have unknown impact and attack vectors related to (1) Export and sys.dbms_logrep_util (DB08), and (2) Oracle Streams and sys.dbms_capture_adm_internal privileges (DB09). | 6.5 |
2007-01-17 | CVE-2007-0273 | Multiple vulnerability in Oracle January 2007 Security Update Unspecified vulnerability in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to XMLDB, aka DB06. network oracle | 4.3 |
2007-01-17 | CVE-2007-0271 | Multiple vulnerability in Oracle January 2007 Security Update Unspecified vulnerability in Oracle Database 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors related to the Log Miner component and sys.dbms_log_mnr privileges, aka DB04. | 6.5 |
2007-01-17 | CVE-2007-0270 | Buffer Errors vulnerability in Oracle Database Server 10.1.0.4/9.2.0.7 Buffer overflow in SYS.DBMS_DRS in Oracle Database 9.2.0.7 and 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) or execute arbitrary code via the GET_PROPERTY function in SYS.DBMS_DRS, aka DB03. | 6.5 |
2007-01-17 | CVE-2007-0269 | Multiple vulnerability in Oracle Database Server 10.1.0.5/10.2.0.3/9.2.0.8 Unspecified vulnerability in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to the Change Data Capture and sys.dbms_cdc_subscribe privileges, aka DB02. | 5.5 |
2007-01-17 | CVE-2007-0268 | Multiple vulnerability in Oracle Database Server 10.1.0.5/9.0.1.5/9.2.0.7 Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) the Advanced Queuing component and sys.dbms_aqsys.dbms_aq privileges (DB01), (2) Advanced Replication and sys.dbms_repcat_untrusted (DB07), and (3) Oracle Text and ctxload (DB15). | 6.5 |
2007-01-17 | CVE-2007-0222 | Remote Directory Traversal vulnerability in Oracle Application Server 10.1.3 Directory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to read arbitrary files via unknown vectors, probably "\.." sequences in the beanId parameter. | 5.0 |
2006-12-23 | CVE-2006-6703 | Cross-Site Scripting vulnerability in Oracle Portal Container_Tabs.JSP Multiple cross-site scripting (XSS) vulnerabilities in Oracle Portal 9i and 10g allow remote attackers to inject arbitrary JavaScript via the tc parameter in webapp/jsp/container_tabs.jsp, and other unspecified vectors. network oracle | 6.8 |
2006-12-23 | CVE-2006-6699 | Remote Security vulnerability in Oracle Application Server Portal 9.0.2 Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and possibly other versions allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter to (1) calendarDialog.jsp or (2) fred.jsp. | 5.0 |