dbsnmp in Oracle Intelligent Agent allows local users to gain privileges by setting the ORACLE_HOME environmental variable, which dbsnmp uses to find the nmiconf.tcl script.
Max CVSS
4.6
EPSS Score
0.04%
Published
1999-08-16
Updated
2008-09-09
Unknown vulnerability in Oracle Label Security in Oracle 8.1.7 and 9.0.1, when audit functionality, SET_LABEL, or SQL*Predicate is being used, allows local users to gain additional access.
Max CVSS
4.6
EPSS Score
0.06%
Published
2001-12-06
Updated
2016-10-18
Buffer overflow in dbsnmp in Oracle 8.0.6 through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment variable.
Max CVSS
4.6
EPSS Score
0.05%
Published
2001-11-30
Updated
2017-07-11
dbsnmp in Oracle 8.1.6 and 8.1.7 uses the ORACLE_HOME environment variable to find and execute the dbsnmp program, which allows local users to execute arbitrary programs by pointing the ORACLE_HOME to an alternate directory that contains a malicious version of dbsnmp.
Max CVSS
4.6
EPSS Score
0.06%
Published
2001-11-29
Updated
2017-07-11

CVE-2006-2081

Public exploit
Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via the GET_DOMAIN_INDEX_METADATA function in the DBMS_EXPORT_EXTENSION package. NOTE: this issue was originally linked to DB05 (CVE-2006-1870), but a reliable third party has claimed that it is not the same issue. Based on details of the problem, the primary issue appears to be insecure privileges that facilitate the introduction of SQL in a way that is not related to special characters, so this is not "SQL injection" per se.
Max CVSS
4.6
EPSS Score
97.35%
Published
2006-04-27
Updated
2018-10-18
Unspecified vulnerability in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to XMLDB, aka DB06. NOTE: as of 20070123, Oracle has not disputed claims by a reliable researcher that DB06 is for multiple cross-site scripting (XSS) vulnerabilities.
Max CVSS
4.3
EPSS Score
0.21%
Published
2007-01-17
Updated
2017-07-29
Unspecified vulnerability in the Core RDBMS component for Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.4 on Windows systems has unknown impact and attack vectors, aka DB03. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB03 occurs because RDBMS uses a NULL Discretionary Access Control List (DACL) for the Oracle process and certain shared memory sections, which allows local users to inject threads and execute arbitrary code via the OpenProcess, OpenThread, and SetThreadContext functions (DB03).
Max CVSS
4.4
EPSS Score
0.48%
Published
2007-04-18
Updated
2018-10-16
Unspecified vulnerability in the Data Pump component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 has unknown impact and remote authenticated attack vectors related to the IMP_FULL_DATABASE role.
Max CVSS
4.6
EPSS Score
0.43%
Published
2008-07-15
Updated
2012-10-23
Unspecified vulnerability in the Authentication component in Oracle Database 11.1.0.6 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2604.
Max CVSS
4.0
EPSS Score
0.24%
Published
2008-07-15
Updated
2016-11-28
Unspecified vulnerability in the Data Pump component in Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and remote authenticated attack vectors related to SYS.KUPF$FILE_INT.
Max CVSS
4.0
EPSS Score
0.70%
Published
2008-07-15
Updated
2012-10-23
Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.6 has unknown impact and remote authenticated attack vectors.
Max CVSS
4.0
EPSS Score
0.70%
Published
2008-07-15
Updated
2012-10-23
Unspecified vulnerability in the Database Vault component in Oracle Database 11.1.0.6 allows remote authenticated users to affect confidentiality, related to DBMS_SYS_SQL.
Max CVSS
4.0
EPSS Score
0.73%
Published
2009-04-15
Updated
2012-10-23
Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.05, and 10.2.04 allows remote authenticated users to affect integrity via unknown vectors.
Max CVSS
4.0
EPSS Score
0.52%
Published
2009-07-14
Updated
2017-08-17
Unspecified vulnerability in the Secure Enterprise Search component in Oracle Database 10.1.8.3 allows remote attackers to affect integrity via unknown vectors. NOTE: the previous information was obtained from the July 2009 CPU. Oracle has not commented on claims from an established researcher that this is cross-site scripting (XSS) via the search_p_groups parameter in search/query/search.
Max CVSS
4.3
EPSS Score
86.85%
Published
2009-07-14
Updated
2017-08-17
Unspecified vulnerability in the Advanced Queuing component in Oracle Database 10.2.0.4 and 11.1.0.7 allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_AQ_INV.
Max CVSS
4.9
EPSS Score
0.17%
Published
2009-10-22
Updated
2012-10-23
Unspecified vulnerability in the Logical Standby component in Oracle Database allows remote authenticated users to affect integrity via unknown vectors.
Max CVSS
4.0
EPSS Score
0.10%
Published
2010-01-13
Updated
2012-10-23
Unspecified vulnerability in the Oracle Data Pump component in Oracle Database 11.1.0.7, 10.2.0.3, 10.2.0.4, 10.1.0.5, 9.2.0.8, and 9.2.0.8DV allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
Max CVSS
4.9
EPSS Score
0.11%
Published
2010-01-13
Updated
2012-10-23
Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2008-3976 and CVE-2009-3413.
Max CVSS
4.9
EPSS Score
0.09%
Published
2010-01-13
Updated
2016-11-23
Unspecified vulnerability in the XML DB component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality via unknown vectors.
Max CVSS
4.0
EPSS Score
0.18%
Published
2010-04-13
Updated
2012-10-23
Unspecified vulnerability in the JavaVM component in Oracle Database 10.2.0.4, 11.1.0.7, and 11.2.0.1.0 allows remote authenticated users to affect integrity via unknown vectors.
Max CVSS
4.0
EPSS Score
0.11%
Published
2010-04-13
Updated
2012-10-23
Unspecified vulnerability in the Application Express component in Oracle Database Server 3.2.0.00.27 allows remote attackers to affect integrity via unknown vectors.
Max CVSS
4.3
EPSS Score
0.16%
Published
2010-07-13
Updated
2012-10-23
Unspecified vulnerability in the XDK component in Oracle Database Server 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect integrity via unknown vectors.
Max CVSS
4.3
EPSS Score
0.17%
Published
2010-10-14
Updated
2010-11-11
Unspecified vulnerability in the Job Queue component in Oracle Database Server 11.2.0.1, 11.1.0.7, 10.2.0.3, 10.2.0.4, and 10.1.0.5 allows remote authenticated users to affect confidentiality, integrity, and availability, related to SYS.DBMS_IJOB.
Max CVSS
4.6
EPSS Score
0.18%
Published
2010-10-14
Updated
2010-11-11

CVE-2010-2415

Public exploit
Unspecified vulnerability in the Change Data Capture component in Oracle Database Server 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_CDC_PUBLISH.
Max CVSS
4.9
EPSS Score
14.07%
Published
2010-10-14
Updated
2010-11-11
Unspecified vulnerability in the Oracle Spatial component in Oracle Database Server 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality and integrity, related to MDSYS.
Max CVSS
4.9
EPSS Score
0.22%
Published
2011-01-19
Updated
2017-08-17
91 vulnerabilities found
1 2 3 4
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!