Filtered by vendor Oracle
Subscriptions
Total
9762 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2006-1869 | 1 Oracle | 1 Database Server | 2024-08-07 | N/A |
Unspecified vulnerability in Oracle Database Server 8.1.7.4 and 9.0.1.5 has unknown impact and attack vectors in the Dictionary component, aka Vuln# DB04. | ||||
CVE-2006-1705 | 1 Oracle | 2 Oracle10g, Oracle9i | 2024-08-07 | N/A |
Oracle Database 9.2.0.0 to 10.2.0.3 allows local users with "SELECT" privileges for a base table to insert, update, or delete data by creating a crafted view then performing the operations on that view. | ||||
CVE-2006-0369 | 1 Oracle | 1 Mysql | 2024-08-07 | N/A |
MySQL 5.0.18 allows local users with access to a VIEW to obtain sensitive information via the "SELECT * FROM information_schema.views;" query, which returns the query that created the VIEW. NOTE: this issue has been disputed by third parties, saying that the availability of the schema is a normal and sometimes desired aspect of database access | ||||
CVE-2006-1517 | 3 Mysql, Oracle, Redhat | 3 Mysql, Mysql, Enterprise Linux | 2024-08-07 | N/A |
sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive information via a COM_TABLE_DUMP request with an incorrect packet length, which includes portions of memory in an error message. | ||||
CVE-2006-1516 | 3 Mysql, Oracle, Redhat | 3 Mysql, Mysql, Enterprise Linux | 2024-08-07 | N/A |
The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read. | ||||
CVE-2006-1518 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2024-08-07 | N/A |
Buffer overflow in the open_table function in sql_base.cc in MySQL 5.0.x up to 5.0.20 might allow remote attackers to execute arbitrary code via crafted COM_TABLE_DUMP packets with invalid length values. | ||||
CVE-2006-1358 | 1 Oracle | 1 Weblogic Portal | 2024-08-07 | N/A |
Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes a JSR-168 Portlet to be retrieved from the cache for the wrong session, which might allow one user to see a Portlet of another user. | ||||
CVE-2006-1037 | 1 Oracle | 2 Diagnostics, E-business Suite | 2024-08-07 | N/A |
SQL injection vulnerability in the Oracle Diagnostics module 2.2 and earlier allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | ||||
CVE-2006-1035 | 1 Oracle | 2 Diagnostics, E-business Suite | 2024-08-07 | N/A |
Unspecified vulnerability in the Oracle Diagnostics module 2.2 and earlier allows remote attackers to access diagnostics tests via unknown attack vectors. | ||||
CVE-2006-1036 | 1 Oracle | 1 Diagnostics | 2024-08-07 | N/A |
Multiple unspecified vulnerabilities in the Oracle Diagnostics module 2.2 and earlier have unknown impact and attack vectors, related to "permissions." | ||||
CVE-2006-0903 | 3 Mysql, Oracle, Redhat | 4 Mysql, Mysql, Enterprise Linux and 1 more | 2024-08-07 | N/A |
MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query. | ||||
CVE-2006-0552 | 1 Oracle | 12 10g Enterprise Manager Grid Control, Application Server, Collaboration Suite and 9 more | 2024-08-07 | N/A |
Unspecified vulnerability in the Net Listener component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, and 9.2.0.7 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB11. | ||||
CVE-2006-0550 | 1 Oracle | 1 Oracle Client | 2024-08-07 | N/A |
Buffer overflow in an unspecified Oracle Client utility might allow remote attackers to execute arbitrary code or cause a denial of service. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that this issue has been addressed by Oracle. It is possible that this is the same issue as Oracle Vuln# DBC02 from the January 2006 CPU, in which case this would be a duplicate of CVE-2006-0283. However, there are enough inconsistencies that the mapping can not be made authoritatively. | ||||
CVE-2006-0547 | 1 Oracle | 1 Database Server | 2024-08-07 | N/A |
Oracle Database 8i, 9i, and 10g allow remote authenticated users to execute arbitrary SQL statements in the context of the SYS user and bypass audit logging, including statements to create new privileged database accounts, via a modified AUTH_ALTER_SESSION attribute in the authentication phase of the Transparent Network Substrate (TNS) protocol. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that this issue has been addressed by Oracle. It is possible that this is the same issue as Oracle Vuln# DB18 from the January 2006 CPU, in which case this would be subsumed by CVE-2006-0265. | ||||
CVE-2006-0586 | 1 Oracle | 2 Application Server, Oracle10g | 2024-08-07 | N/A |
Multiple SQL injection vulnerabilities in Oracle 10g Release 1 before CPU Jan 2006 allow remote attackers to execute arbitrary SQL commands via multiple parameters in (1) ATTACH_JOB, (2) HAS_PRIVS, and (3) OPEN_JOB functions in the SYS.KUPV$FT package; and (4) UPDATE_JOB, (5) ACTIVE_JOB, (6) ATTACH_POSSIBLE, (7) ATTACH_TO_JOB, (8) CREATE_NEW_JOB, (9) DELETE_JOB, (10) DELETE_MASTER_TABLE, (11) DETACH_JOB, (12) GET_JOB_INFO, (13) GET_JOB_QUEUES, (14) GET_SOLE_JOBNAME, (15) MASTER_TBL_LOCK, and (16) VALID_HANDLE functions in the SYS.KUPV$FT_INT package. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that these issues has been addressed by Oracle. It is unclear which, if any, Oracle Vuln# identifiers apply to these issues. | ||||
CVE-2006-0548 | 1 Oracle | 1 Database Server | 2024-08-07 | N/A |
SQL injection vulnerability in the Oracle Text component of Oracle Database 10g, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that this issue has been addressed by Oracle. It is possible that this is the same issue as Oracle Vuln# DB15 from the January 2006 CPU, in which case this would be subsumed by CVE-2006-0260. | ||||
CVE-2006-0551 | 1 Oracle | 1 Database Server | 2024-08-07 | N/A |
SQL injection vulnerability in the Data Pump Metadata API in Oracle Database 10g and possibly earlier might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that this issue has been addressed by Oracle. It is possible that this is the same issue as Oracle Vuln# DB06 from the January 2006 CPU, in which case this would be subsumed by CVE-2006-0259 or, if it is DB05, subsumed by CVE-2006-0260. | ||||
CVE-2006-0549 | 1 Oracle | 1 Database Server | 2024-08-07 | N/A |
SQL injection vulnerability in the SYS.DBMS_METADATA_UTIL package in Oracle Database 10g, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that this issue has been addressed by Oracle. It is possible that this is the same issue as Oracle Vuln# DB05 from the January 2006 CPU, in which case this would be subsumed by CVE-2006-0260. However, there are some inconsistencies that make this unclear, and there is also a possibility that this is related to DB06, which is subsumed by CVE-2006-0259. | ||||
CVE-2006-0435 | 1 Oracle | 2 Application Server, Http Server | 2024-08-07 | N/A |
Unspecified vulnerability in Oracle PL/SQL (PLSQL), as used in Database Server DS 9.2.0.7 and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, E-Business Suite and Applications 11.5.10, and Collaboration Suite 10.1.1, 10.1.2.0, 10.1.2.1, and 9.0.4.2, allows attackers to bypass the PLSQLExclusion list and access excluded packages and procedures, aka Vuln# PLSQL01. | ||||
CVE-2006-0425 | 1 Oracle | 1 Weblogic Portal | 2024-08-07 | N/A |
BEA WebLogic Portal 8.1 through SP4 allows remote attackers to obtain the source for a deployment descriptor file via unknown vectors. |