Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2007-04-19 CVE-2007-1009 Authentication Bypass vulnerability in Macrovision InstallAnywhere 8
Macrovision InstallAnywhere Enterprise before 8.0.1 uses the InstallScript.iap_xml configuration file without integrity protection to verify authorization for installing an application, which allows local users to perform unauthorized installations by removing the (1) password or (2) serial number verification sections from this file.
local
low complexity
macrovision
4.6
2007-04-18 CVE-2007-2119 Multiple vulnerability in Oracle Application Server and Database Server
Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in the Administration Front End for Oracle Enterprise (Ultra) Search, as used in Database Server 9.2.0.8, 10.1.0.5, and 10.2.0.2, and in Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0, allows remote attackers to inject arbitrary HTML or web script via the EXPTYPE parameter, aka SES01.
network
oracle
6.8
2007-04-18 CVE-2007-2117 Multiple vulnerability in Oracle Database Server 9.2.0.5
Unspecified vulnerability in the Oracle Text component in Oracle Database 9.0.1.5+ and 9.2.0.5 has unknown impact and attack vectors, aka DB12.
local
low complexity
oracle
6.8
2007-04-18 CVE-2007-2115 Multiple vulnerability in Oracle Database Server 10.1.0.5/10.2.0.2/9.2.0.7
Unspecified vulnerability in the Change Data Capture (CDC) component in Oracle Database 9.2.0.7, 10.1.0.5, and 10.2.0.2 has unknown impact and attack vectors, aka DB09.
network
oracle
6.8
2007-04-18 CVE-2007-2112 Multiple vulnerability in Oracle Database Server 10.1.0.5/10.2.0.3
Unspecified vulnerability in the Authentication component for Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and attack vectors, aka DB05.
network
oracle
6.0
2007-04-18 CVE-2007-2111 SQL Injection vulnerability in Oracle Database Server 10.1.0.5/9.0.1.5/9.2.0.7
SQL injection vulnerability in the SYS.DBMS_AQADM_SYS package in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 allows remote authenticated users to inject arbitrary SQL commands via unknown vectors, aka DB04.
network
low complexity
oracle CWE-89
6.5
2007-04-18 CVE-2007-2110 Multiple vulnerability in Oracle Database Server 10.1.0.4/9.0.1.5/9.2.0.7
Unspecified vulnerability in the Core RDBMS component for Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.4 on Windows systems has unknown impact and attack vectors, aka DB03.
4.4
2007-04-18 CVE-2007-2109 Multiple vulnerability in Oracle Database Server 10.2.0.3
Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) Rules Manager and Expression Filter components (DB02) and (2) Oracle Streams (DB06).
network
oracle
6.0
2007-04-18 CVE-2007-2108 Permissions, Privileges, and Access Controls vulnerability in multiple products
Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 on Windows allows remote attackers to have an unknown impact, aka DB01.
6.8
2007-04-18 CVE-2007-2102 Cross-Site Scripting vulnerability in My Little Weblog
Cross-site scripting (XSS) vulnerability in weblog.php in My Little Weblog allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vector than CVE-2006-6087.
6.8