Vulnerabilities > Oracle > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-07-21 | CVE-2006-3709 | Multiple vulnerability in Oracle July 2006 Security Update Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3, 9.0.3.1, and 10.1.2.0.0 has unknown impact and attack vectors, aka Oracle Vuln# AS04. | 5.0 |
| 2006-07-21 | CVE-2006-3706 | Multiple vulnerability in Oracle Application Server 9.0.2.3 Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3 has unknown impact and attack vectors, aka Oracle Vuln# AS01. | 5.0 |
| 2006-07-21 | CVE-2006-3469 | USE of Externally-Controlled Format String vulnerability in multiple products Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_format function, which is later used in a formatted print call to display the error message. | 4.0 |
| 2006-06-19 | CVE-2006-3081 | Remote Denial Of Service vulnerability in MySQL Server Str_To_Date mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.1.6 allows remote authorized users to cause a denial of service (crash) via a NULL second argument to the str_to_date function. | 4.0 |
| 2006-05-05 | CVE-2006-1518 | Remote Information Disclosure and Buffer Overflow vulnerability in MySQL Buffer overflow in the open_table function in sql_base.cc in MySQL 5.0.x up to 5.0.20 might allow remote attackers to execute arbitrary code via crafted COM_TABLE_DUMP packets with invalid length values. | 6.5 |
| 2006-05-05 | CVE-2006-1517 | Remote Information Disclosure and Buffer Overflow vulnerability in MySQL sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive information via a COM_TABLE_DUMP request with an incorrect packet length, which includes portions of memory in an error message. | 5.0 |
| 2006-05-05 | CVE-2006-1516 | Remote Information Disclosure and Buffer Overflow vulnerability in MySQL The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read. | 5.0 |
| 2006-04-27 | CVE-2006-2081 | SQL Injection vulnerability in Oracle 10g DBMS_EXPORT_EXTENSION Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via the GET_DOMAIN_INDEX_METADATA function in the DBMS_EXPORT_EXTENSION package. | 4.6 |
| 2006-04-20 | CVE-2006-1871 | SQL Injection vulnerability in Oracle Database Server 10.1.0.5/9.2.0.7 SQL injection vulnerability in Oracle Database Server 9.2.0.7 and 10.1.0.5 allows remote attackers to execute arbitrary SQL commands via the DELETE_FROM_TABLE function in the DBMS_LOGMNR_SESSION (Log Miner) package, aka Vuln# DB06. | 6.5 |
| 2006-03-22 | CVE-2006-1358 | Information Disclosure vulnerability in Oracle Weblogic Portal 8.1 Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes a JSR-168 Portlet to be retrieved from the cache for the wrong session, which might allow one user to see a Portlet of another user. | 5.0 |