Vulnerabilities > Oracle > Medium

DATE CVE VULNERABILITY TITLE RISK
2006-12-23 CVE-2006-6703 Cross-Site Scripting vulnerability in Oracle Portal Container_Tabs.JSP
Multiple cross-site scripting (XSS) vulnerabilities in Oracle Portal 9i and 10g allow remote attackers to inject arbitrary JavaScript via the tc parameter in webapp/jsp/container_tabs.jsp, and other unspecified vectors.
network
oracle
6.8
6.8
2006-12-23 CVE-2006-6699 Remote Security vulnerability in Oracle Application Server Portal 9.0.2
Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and possibly other versions allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter to (1) calendarDialog.jsp or (2) fred.jsp.
network
low complexity
oracle
5.0
5.0
2006-10-28 CVE-2006-5599 Cross-Site Scripting vulnerability in Oracle Apex 2.2
Cross-site scripting (XSS) vulnerability in Oracle Application Express (formerly HTML DB) before 2.2.1 allows remote attackers to inject arbitrary HTML or web script via the WWV_FLOW_ITEM_HELP package.
network
oracle
4.3
4.3
2006-08-18 CVE-2006-4227 Improper Input Validation vulnerability in multiple products
MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated users to gain privileges through a routine that has been made available using GRANT EXECUTE.
network
low complexity
mysql oracle CWE-20
6.5
6.5
2006-07-21 CVE-2006-3720 Multiple vulnerability in Oracle Enterprise Manager 10.1.0.3
Unspecified vulnerability in Enterprise Config Management for Oracle Enterprise Manager 10.1.0.3 has unknown impact and attack vectors, aka Oracle Vuln# EM02.
network
low complexity
oracle
5.5
5.5
2006-07-21 CVE-2006-3719 Multiple vulnerability in Oracle Enterprise Manager 9.0.1.0/9.2.0.1
Unspecified vulnerability in CORE: Repository for Oracle Enterprise Manager 9.0.1.0 and 9.2.0.1 has unknown impact and attack vectors, aka Oracle Vuln# EM01.
network
low complexity
oracle
5.5
5.5
2006-07-21 CVE-2006-3714 Multiple vulnerability in Oracle July 2006 Security Update
Unspecified vulnerability in OC4J for Oracle Application Server 10.1.2.0.2 and 10.1.2.1 has unknown impact and attack vectors, aka Oracle Vuln# AS10.
network
low complexity
oracle
5.0
5.0
2006-07-21 CVE-2006-3713 Multiple vulnerability in Oracle Application Server 10.1.3.0
Unspecified vulnerability in OC4J for Oracle Application Server 10.1.3.0 has unknown impact and attack vectors, aka Oracle Vuln# AS09.
network
high complexity
oracle
4.0
4.0
2006-07-21 CVE-2006-3712 Multiple vulnerability in Oracle Application Server 10.1.2.0.0/9.0.4.2
Unspecified vulnerability in OC4J for Oracle Application Server 9.0.4.2 and 10.1.2.0.0 has unknown impact and attack vectors, aka Oracle Vuln# AS07.
network
low complexity
oracle
5.0
5.0
2006-07-21 CVE-2006-3711 Multiple vulnerability in Oracle July 2006 Security Update
Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3, 9.0.3.1, and 9.0.4.1 has unknown impact and attack vectors, aka Oracle Vuln# AS06.
network
high complexity
oracle
4.0
4.0