Filtered by vendor Oracle
Subscribe
Total
9592 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-0271 | 1 Oracle | 4 Database Server, Oracle10g, Oracle8i and 1 more | 2023-12-10 | 10.0 HIGH | N/A |
Unspecified vulnerability in the Upgrade & Downgrade component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB28. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the DBMS_REGISTRY package in certain parameters to the (1) IS_COMPONENT, (2) GET_COMP_OPTION, (3) DISABLE_DDL_TRIGGERS, (4) SCRIPT_EXISTS, (5) COMP_PATH, (6) GATHER_STATS, (7) NOTHING_SCRIPT, and (8) VALIDATE_COMPONENTS functions. | |||||
CVE-2004-0956 | 3 Oracle, Suse, Ubuntu | 3 Mysql, Suse Linux, Ubuntu Linux | 2023-12-10 | 5.0 MEDIUM | N/A |
MySQL before 4.0.20 allows remote attackers to cause a denial of service (application crash) via a MATCH AGAINST query with an opening double quote but no closing double quote. | |||||
CVE-2005-3204 | 1 Oracle | 2 Application Server, Oracle9i | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP request. | |||||
CVE-2006-0435 | 1 Oracle | 2 Application Server, Http Server | 2023-12-10 | 7.5 HIGH | N/A |
Unspecified vulnerability in Oracle PL/SQL (PLSQL), as used in Database Server DS 9.2.0.7 and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, E-Business Suite and Applications 11.5.10, and Collaboration Suite 10.1.1, 10.1.2.0, 10.1.2.1, and 9.0.4.2, allows attackers to bypass the PLSQLExclusion list and access excluded packages and procedures, aka Vuln# PLSQL01. | |||||
CVE-2006-0266 | 1 Oracle | 1 Database Server | 2023-12-10 | 9.0 HIGH | N/A |
Unspecified vulnerability in the Query Optimizer component of Oracle Database server 9.0.1.5, 9.2.0.7, and 10.1.0.5 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB19. | |||||
CVE-2006-3713 | 1 Oracle | 1 Application Server | 2023-12-10 | 4.0 MEDIUM | N/A |
Unspecified vulnerability in OC4J for Oracle Application Server 10.1.3.0 has unknown impact and attack vectors, aka Oracle Vuln# AS09. | |||||
CVE-2006-1705 | 1 Oracle | 2 Oracle10g, Oracle9i | 2023-12-10 | 2.1 LOW | N/A |
Oracle Database 9.2.0.0 to 10.2.0.3 allows local users with "SELECT" privileges for a base table to insert, update, or delete data by creating a crafted view then performing the operations on that view. | |||||
CVE-2005-1178 | 1 Oracle | 1 Forms | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in Oracle Forms 10g allows remote attackers to execute arbitrary SQL commands via the Query/Where feature. | |||||
CVE-2005-1745 | 2 Bea, Oracle | 2 Weblogic Server, Weblogic Portal | 2023-12-10 | 4.6 MEDIUM | N/A |
The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack 3 prints the password to standard output when an incorrect login attempt is made, which could make it easier for attackers to guess the correct password. | |||||
CVE-2006-1887 | 1 Oracle | 1 Enterpriseone | 2023-12-10 | 10.0 HIGH | N/A |
Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Security Server 8.95.J1 has unknown impact and attack vectors, aka Vuln# JDE01. | |||||
CVE-2006-0281 | 1 Oracle | 1 Enterpriseone | 2023-12-10 | 10.0 HIGH | N/A |
Unspecified vulnerability in Oracle JD Edwards HTML Server 8.95.F1 SP23_L1 has unspecified impact and attack vectors, as identified by Oracle Vuln# JDE01. | |||||
CVE-2005-3450 | 1 Oracle | 1 Application Server | 2023-12-10 | 10.0 HIGH | N/A |
Unspecified vulnerability in the HTTP Server in Oracle Application Server 1.0 up to 9.0.2.3 has unknown impact and attack vectors, as identified by Oracle Vuln# AS04. | |||||
CVE-2006-1517 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2023-12-10 | 5.0 MEDIUM | N/A |
sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive information via a COM_TABLE_DUMP request with an incorrect packet length, which includes portions of memory in an error message. | |||||
CVE-2004-2345 | 1 Oracle | 1 Database Server | 2023-12-10 | 6.5 MEDIUM | N/A |
Unknown multiple vulnerabilities in Oracle9i Database Server 9.0.1.4, 9.0.1.5, 9.2.0.3, and 9.2.0.4 allow local users with the ability to invoke SQL to cause a denial of service or obtain sensitive information. | |||||
CVE-2006-3715 | 1 Oracle | 1 Collaboration Suite | 2023-12-10 | 10.0 HIGH | N/A |
Unspecified vulnerability in Calendar for Oracle Collaboration Suite 10.1.2 has unknown impact and attack vectors, aka Oracle Vuln# OCS01. | |||||
CVE-2006-0549 | 1 Oracle | 1 Database Server | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the SYS.DBMS_METADATA_UTIL package in Oracle Database 10g, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that this issue has been addressed by Oracle. It is possible that this is the same issue as Oracle Vuln# DB05 from the January 2006 CPU, in which case this would be subsumed by CVE-2006-0260. However, there are some inconsistencies that make this unclear, and there is also a possibility that this is related to DB06, which is subsumed by CVE-2006-0259. | |||||
CVE-2006-0258 | 1 Oracle | 1 Database Server | 2023-12-10 | 10.0 HIGH | N/A |
Unspecified vulnerability in the Connection Manager component of Oracle Database server 8.1.7.4 and 9.0.1.5 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB03. | |||||
CVE-2006-3707 | 1 Oracle | 1 Application Server | 2023-12-10 | 3.6 LOW | N/A |
Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3 and 9.0.3.1 has unknown impact and attack vectors, aka Oracle Vuln# AS02. | |||||
CVE-2005-3451 | 1 Oracle | 1 Application Server | 2023-12-10 | 10.0 HIGH | N/A |
Unspecified vulnerability in SQL*ReportWriter in Oracle Application Server 9.0 up to 9.0.2.1 has unknown impact and attack vectors, as identified by Oracle Vuln# AS10. | |||||
CVE-2006-3081 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2023-12-10 | 4.0 MEDIUM | N/A |
mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.1.6 allows remote authorized users to cause a denial of service (crash) via a NULL second argument to the str_to_date function. |