| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy. |
| Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP4, when using entitlements, allows remote attackers to bypass access restrictions for the pages of a Book via crafted URLs. |
| The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read. |
| Unspecified vulnerability in Oracle Database Server 9.2.0.6 has unknown impact and attack vectors in the Advanced Replication component, aka Vuln# DB02. |
| Heap-based buffer overflow in Oracle 9i Application Server Web Cache 9.0.4.0.0, 9.0.3.1.0, 9.0.2.3.0, and 9.0.0.4.0 allows remote attackers to execute arbitrary code via a long HTTP request method header to the Web Cache listener. NOTE: due to the vagueness of the Oracle advisory, it is not clear whether there are additional issues besides this overflow, although the advisory alludes to multiple "vulnerabilities." |
| The mysqld_multi script in MySQL allows local users to overwrite arbitrary files via a symlink attack. |
| Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB01 for Change Data Capture (CDC) component and (2) DB03 for Data Pump Metadata API. NOTE: as of 20060719, Oracle has not disputed a claim by a reliable researcher that DB01 is related to multiple SQL injection vulnerabilities in SYS.DBMS_CDC_IMPDP using the (a) IMPORT_CHANGE_SET, (b) IMPORT_CHANGE_TABLE, (c) IMPORT_CHANGE_COLUMN, (d) IMPORT_SUBSCRIBER, (e) IMPORT_SUBSCRIBED_TABLE, (f) IMPORT_SUBSCRIBED_COLUMN, (g) VALIDATE_IMPORT, (h) VALIDATE_CHANGE_SET, (i) VALIDATE_CHANGE_TABLE, and (j) VALIDATE_SUBSCRIPTION procedures, and that DB03 is for SQL injection in the MAIN procedure for SYS.KUPW$WORKER. |
| Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB06 in Export; (2) DB08, (3) DB09, (4) DB10, (5) DB11, (6) DB12, (7) DB13, (8) DB14, and (9) DBC01 for OCI; (10) DB16 for Query Rewrite/Summary Mgmt; (11) DB17, (12) DB18, (13) DB19, (14) DBC02, (15) DBC03, and (16) DBC04 for RPC; and (17) DB20 for Semantic Analysis. NOTE: as of 20060719, Oracle has not disputed third party claims that DB06 is related to "SQL injection" using DBMS_EXPORT_EXTENSION with a modified ODCIIndexGetMetadata routine and a call to GET_DOMAIN_INDEX_METADATA, in which case DB06 might be CVE-2006-2081. |
| Unspecified vulnerability in the Oracle ODBC Driver for Oracle Database 10.1.0.4 has unknown impact and attack vectors, aka Oracle Vuln# 10.1.0.4. |
| Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB21 for Statistics and (2) DB22 for Upgrade & Downgrade. NOTE: as of 20060719, Oracle has not disputed a claim by a reliable researcher that DB21 is for a local SQL injection vulnerability in SYS.DBMS_STATS, and that DB22 is for SQL injection in SYS.DBMS_UPGRADE. |
| Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.9 have unknown impact and attack vectors, aka Oracle Vuln# (1) APPS03 and (2) APPS04 for Oracle Application Object Library; and (3) APPS20 for Oracle XML Gateway. |
| Buffer overflow in the KSDWRTB function in the dbms_system package (dbms_system.ksdwrt) for Oracle 9i Database Server Release 2 9.2.0.3 and 9.2.0.4, 9i Release 1 9.0.1.4 and 9.0.1.5, and 8i Release 1 8.1.7.4, allows remote authorized users to execute arbitrary code via a long second argument. |
| Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes a JSR-168 Portlet to be retrieved from the cache for the wrong session, which might allow one user to see a Portlet of another user. |
| The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files. |
| Unknown multiple vulnerabilities in Oracle9i Database Server 9.0.1.4, 9.0.1.5, 9.2.0.3, and 9.2.0.4 allow local users with the ability to invoke SQL to cause a denial of service or obtain sensitive information. |
| BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows users with the Monitor security role to "shrink or reset JDBC connection pools." |
| The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack 3 prints the password to standard output when an incorrect login attempt is made, which could make it easier for attackers to guess the correct password. |
| Oracle Java Virtual Machine (JVM ) for Oracle 8.1.7 and Oracle Application Server 9iAS Release 1.0.2.0.1 allows remote attackers to read arbitrary files via the .jsp and .sqljsp file extensions when the server is configured to use the <<ALL FILES>> FilePermission. |
| Multiple vulnerabilities in aoljtest.jsp of Oracle Applications AOL/J Setup Test Suite in Oracle E-Business Suite 11.5.1 through 11.5.8 allow a remote attacker to obtain sensitive information without authentication, such as the GUEST user password and the application server security key. |
| Oracle toplink mapping workBench uses a weak encryption algorithm for passwords, which allows local users to decrypt the passwords. |
