Database_server - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Database_server
(Oracle)

Repositories	• https://github.com/madler/zlib • https://github.com/FasterXML/jackson-databind
#Vulnerabilities	502

Date	Id	Summary	Products	Score	Patch	Annotated
2007-04-18	CVE-2007-2108	Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 on Windows allows remote attackers to have an unknown impact, aka DB01. NOTE: as of 20070424, Oracle has not disputed reliable claims that this issue occurs because the NTLM SSPI AcceptSecurityContext function grants privileges based on the username provided even though all users are authenticated as Guest, which allows remote attackers to gain privileges.	Windows, Database_server	N/A
2007-03-13	CVE-2007-1442	Oracle Database 10g uses a NULL pDacl parameter when calling the SetSecurityDescriptorDacl function to create discretionary access control lists (DACLs), which allows local users to gain privileges.	Database_server	N/A
2007-01-17	CVE-2007-0278	Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) NLS Runtime and lmsgen (DB12), and (2) Oracle Text and ctxkbtc (DB14).	Database_server	N/A
2007-01-17	CVE-2007-0277	Unspecified vulnerability in Oracle Database client-only 10.1.0.4 has unknown impact and attack vectors related to the Export component and expdp or impdp, aka DB11.	Database_server	N/A
2007-01-17	CVE-2007-0276	Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4 and 9.0.1.5 have unknown impact and attack vectors related to (1) Advanced Security Option and oklist or okdstry (DB10), (2) Oracle Net Services (DB13), and (3) Recovery Manager and oklist (DB16).	Database_server	N/A
2007-01-17	CVE-2007-0275	Cross-site scripting (XSS) vulnerability in Oracle Reports Web Cartridge (RWCGI60) in the Workflow Cartridge component, as used in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 10.1.2; and Oracle E-Business Suite and Applications 11.5.10CU2; allows remote authenticated users to inject arbitrary HTML or web script via the genuser parameter to rwcgi60, aka OWF01.	Application_server, Collaboration_suite, Database_server, E\-Business_suite	N/A
2007-01-17	CVE-2007-0274	Multiple unspecified vulnerabilities in Oracle Database 9.2.0.7 and 10.1.0.5 have unknown impact and attack vectors related to (1) Export and sys.dbms_logrep_util (DB08), and (2) Oracle Streams and sys.dbms_capture_adm_internal privileges (DB09). NOTE: Oracle has not disputed reliable researcher claims that DB08 is for a buffer overflow in the GET_OBJECT_NAME procedure in the DBMS_LOGREP_UTIL package, and DB09 is for buffer overflows in the CREATE_CAPTURE, ALTER_CAPTURE, and...	Database_server	N/A
2007-01-17	CVE-2007-0273	Unspecified vulnerability in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to XMLDB, aka DB06. NOTE: as of 20070123, Oracle has not disputed claims by a reliable researcher that DB06 is for multiple cross-site scripting (XSS) vulnerabilities.	Database_server	N/A
2007-01-17	CVE-2007-0272	Multiple buffer overflows in MDSYS.MD in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) or execute arbitrary code via unspecified vectors involving certain public procedures, aka DB05.	Database_server	N/A
2007-01-17	CVE-2007-0271	Unspecified vulnerability in Oracle Database 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors related to the Log Miner component and sys.dbms_log_mnr privileges, aka DB04. NOTE: Oracle has not disputed a reliable researcher claim that this is a buffer overflow in the ADD_LOGFILE procedure for the SYS.DBMS_LOGMNR package that allows code execution.	Database_server	N/A