| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 allow remote authenticated users to have an unknown impact via (1) EXFSYS.DBMS_RLMGR_UTL in Rules Manager (DB11) and (2) Program Interface (DB13). |
| Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 allow remote authenticated users to have an unknown impact via (a) the Oracle Text component, including (1) unspecified vectors (DB05), (2) CTXSYS.DRVXMD (DB06), (3) CTXSYS.DRI_MOVE_CTXSYS (DB07), (4) CTXSYS.DRVXMD (DB08), and (b) JavaVM (DB14). |
| Unspecified vulnerability in the Oracle Data Mining component for Oracle Database 10g Release 2 10.2.0.2 and 10.2.0.3, 10g 10.1.0.5, and Oracle9i Database Release 2 9.2.0.7, 9.2.0.8, and 9.2.0.8DV has unknown impact and remote authenticated attack vectors related to DMSYS.DMP_SYS, aka DB04. |
| Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to have an unknown impact via (1) SYS.DBMS_DRS in the DataGuard component (DB03), (2) SYS.DBMS_STANDARD in the PL/SQL component (DB10), (3) MDSYS.RTREE_IDX in the Spatial component (DB16), and (4) SQL Compiler (DB17). NOTE: a reliable researcher claims that DB17 is for using Views to perform unauthorized insert, update, or delete actions. |
| Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 allow remote authenticated users to have unknown impact via (1) SYS.DBMS_PRVTAQIS in the Advanced Queuing component (DB02) and (2) MDSYS.MD in the Spatial component (DB12). NOTE: Oracle has not disputed reliable researcher claims that DB02 is for SQL injection and DB12 is for a buffer overflow. |
| Cross-site scripting (XSS) vulnerability in Rapid Install Web Server in Oracle Application Server 11i allows remote attackers to inject arbitrary web script or HTML via a URL to the "Secondary Login Page", as demonstrated using (1) pls/ and (2) pls/MSBEP004/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML documentation pages that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| Multiple unspecified vulnerabilities in Oracle Reports Developer component in Oracle Application Server 9.0.4.3 and 10.1.2.0.2, and Oracle E-Business Suite and Applications 11.5.10CU2, have unknown impact and remote attack vectors, aka Vuln# (1) REP01 and (2) REP02. NOTE: as of 20061027, Oracle has not disputed reports from a reliable researcher that these issues are related to (a) showenv and (b) parsequery for REP01, and (c) cellwrapper and (d) delimiter for REP02. |
| Unspecified vulnerability in Oracle Containers for J2EE component in Oracle Application Server 9.0.4.1 and 10.1.2.0.2, and Collaboration Suite 10.1.2, has unknown impact and remote authenticated attack vectors, aka Vuln# OC4J05. |
| Multiple unspecified vulnerabilities in Oracle Collaboration Suite 9.0.4.2 have unknown impact and remote attack vectors related to (1) Oracle Containers for J2EE, aka Vuln# OC4J01, and (2) Oracle Process Mgmt & Notification, aka OPMN01. |
| Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to bypass intended access restrictions. |
| Cross-site scripting (XSS) vulnerability in Groupspace in BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 1 allows remote authenticated users to inject arbitrary web script or HTML via unknown vectors. |
| Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.7 up to 11.5.10CU2 have unknown impact and remote authenticated attack vectors, aka Vuln# (1) APPS03 in Oracle Applications Framework, (2) APPS04 in Oracle Applications Technology Stack, and (3) APPS05 in Oracle Balanced Scorecard, (4) APPS09 in Oracle Scripting, and (5) APPS10 in Oracle Trading Community. |
| Multiple unspecified vulnerabilities in PeopleTools component in Oracle PeopleSoft Enterprise 8.22 GA, 8.46 GA, 8.47 GA, 8.48 GA, 8.22.11, 8.46.15, 8.47.09, and 8.48.03 have unknown impact and remote authenticated attack vectors, aka Vuln# (1) PSE04, (2) PSE06, (3) PSE07, and (4) PSE08. |
| Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.4.1 has unknown impact and remote attack vectors, aka AS07. |
| Absolute path traversal vulnerability in Oracle Database Server, when utl_file_dir is set to a wildcard value or "CREATE ANY DIRECTORY to PUBLIC" privileges exist, allows remote authenticated users to read and modify arbitrary files via full filepaths to utl_file functions such as (1) utl_file.put_line and (2) utl_file.get_line, a related issue to CVE-2005-0701. NOTE: this issue is disputed by third parties who state that this is due to an insecure configuration instead of an inherent vulnerability |
| Cross-site scripting (XSS) vulnerability in Oracle Application Express (APEX) before 2.2.1, aka Oracle HTML DB, allows remote attackers to inject arbitrary web script or HTML via the NOTIFICATION_MSG parameter. NOTE: it is likely that this issue overlaps one of the identifiers in CVE-2006-5351. |
| Directory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to read arbitrary files via unknown vectors, probably "\.." sequences in the beanId parameter. NOTE: this is likely a duplicate of another CVE that Oracle addressed in CPU Jan 2007, but due to lack of details by Oracle, it is unclear which BugID this issue is associated with, so the other CVE cannot be determined. Possibilities include EM02 (CVE-2007-0292) or EM05 (CVE-2007-0293). |
| Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) the Advanced Queuing component and sys.dbms_aqsys.dbms_aq privileges (DB01), (2) Advanced Replication and sys.dbms_repcat_untrusted (DB07), and (3) Oracle Text and ctxload (DB15). NOTE: Oracle has not publicly claims by reliable researchers that DB01 is for SQL injection in the SYS.DBMS_AQ_INV package, and DB07 is for a buffer overflow in the UNREGISTER_SNAPSHOT procedure in the DBMS_REPCAT_UNTRUSTED package. |
| Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.2 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN02. |
