Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-04-19 | CVE-2007-1009 | Authentication Bypass vulnerability in Macrovision Installanywhere 8 Macrovision InstallAnywhere Enterprise before 8.0.1 uses the InstallScript.iap_xml configuration file without integrity protection to verify authorization for installing an application, which allows local users to perform unauthorized installations by removing the (1) password or (2) serial number verification sections from this file. | 4.6 |
2007-04-18 | CVE-2007-2119 | Multiple vulnerability in Oracle Application Server and Database Server Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in the Administration Front End for Oracle Enterprise (Ultra) Search, as used in Database Server 9.2.0.8, 10.1.0.5, and 10.2.0.2, and in Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to inject arbitrary HTML or web script via the EXPTYPE parameter, aka SES01. network oracle | 6.8 |
2007-04-18 | CVE-2007-2117 | Multiple vulnerability in Oracle Database Server 9.2.0.5 Unspecified vulnerability in the Oracle Text component in Oracle Database 9.0.1.5+ and 9.2.0.5 has unknown impact and attack vectors, aka DB12. | 6.8 |
2007-04-18 | CVE-2007-2115 | Multiple vulnerability in Oracle Database Server 10.1.0.5/10.2.0.2/9.2.0.7 Unspecified vulnerability in the Change Data Capture (CDC) component in Oracle Database 9.2.0.7, 10.1.0.5, and 10.2.0.2 has unknown impact and attack vectors, aka DB09. network oracle | 6.8 |
2007-04-18 | CVE-2007-2112 | Multiple vulnerability in Oracle Database Server 10.1.0.5/10.2.0.3 Unspecified vulnerability in the Authentication component for Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and attack vectors, aka DB05. network oracle | 6.0 |
2007-04-18 | CVE-2007-2111 | SQL Injection vulnerability in Oracle Database Server 10.1.0.5/9.0.1.5/9.2.0.7 SQL injection vulnerability in the SYS.DBMS_AQADM_SYS package in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 allows remote authenticated users to inject arbitrary SQL commands via unknown vectors, aka DB04. | 6.5 |
2007-04-18 | CVE-2007-2110 | Multiple vulnerability in Oracle Database Server 10.1.0.4/9.0.1.5/9.2.0.7 Unspecified vulnerability in the Core RDBMS component for Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.4 on Windows systems has unknown impact and attack vectors, aka DB03. | 4.4 |
2007-04-18 | CVE-2007-2109 | Multiple vulnerability in Oracle Database Server 10.2.0.3 Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) Rules Manager and Expression Filter components (DB02) and (2) Oracle Streams (DB06). network oracle | 6.0 |
2007-04-18 | CVE-2007-2108 | Permissions, Privileges, and Access Controls vulnerability in multiple products Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 on Windows allows remote attackers to have an unknown impact, aka DB01. | 6.8 |
2007-04-18 | CVE-2007-2102 | Cross-Site Scripting vulnerability in My Little Weblog Cross-site scripting (XSS) vulnerability in weblog.php in my little weblog allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vector than CVE-2006-6087. network my-little-homepage | 6.8 |