RSS   Vulnerabilities for 'APEX'   RSS

2007-07-18
 
CVE-2007-3860

 

 
Unspecified vulnerability in Oracle Application Express (formerly Oracle HTML DB) 2.2.0.00.32 up to 3.0.0.00.20 allows developers to have an unknown impact via unknown attack vectors, aka APEX01. NOTE: a reliable researcher states that this is SQL injection in the wwv_flow_security.check_db_password function due to insufficient checks for '"' characters.

 
 
CVE-2007-3854

CWE-noinfo
 

 
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 allow remote authenticated users to have unknown impact via (1) SYS.DBMS_PRVTAQIS in the Advanced Queuing component (DB02) and (2) MDSYS.MD in the Spatial component (DB12). NOTE: Oracle has not disputed reliable researcher claims that DB02 is for SQL injection and DB12 is for a buffer overflow.

 
2007-03-07
 
CVE-2006-7158

 

 
Cross-site scripting (XSS) vulnerability in Oracle Application Express (APEX) before 2.2.1, aka Oracle HTML DB, allows remote attackers to inject arbitrary web script or HTML via the NOTIFICATION_MSG parameter. NOTE: it is likely that this issue overlaps one of the identifiers in CVE-2006-5351.

 
 
CVE-2006-7138

CWE-89
 

 
SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in the WWV_FLOW_UTILITIES package for Oracle APEX/HTMLDB before 2.2 allows remote authenticated users to execute arbitrary SQL by modifying the P_LOV parameter and calculating a matching MD5 checksum for the P_LOV_CHECKSUM parameter. NOTE: it is likely that this issue is subsumed by CVE-2006-5351, but due to lack of details from Oracle, this cannot be proven.

 
2006-10-27
 
CVE-2006-5599

 

 
Cross-site scripting (XSS) vulnerability in Oracle Application Express (formerly HTML DB) before 2.2.1 allows remote attackers to inject arbitrary HTML or web script via the WWV_FLOW_ITEM_HELP package. NOTE: it is likely that this issue overlaps one of the Oracle VulnIDs covered by CVE-2006-5351. Oracle has not publicly disputed claims by a reliable researcher that this has been fixed by the October 2006 CPU.

 
2006-10-17
 
CVE-2006-5352

 

 
Multiple unspecified vulnerabilities in Oracle Application Express 1.5 up to 1.6.1 have unknown impact and remote attack vectors, aka Vuln# (1) APEX04, (2) APEX20, and (3) APEX21.

 
 
CVE-2006-5351

CWE-noinfo
 

 
Multiple unspecified vulnerabilities in Oracle Application Express (formerly Oracle HTML DB) 1.5 up to 2.0 have unknown impact and remote attack vectors, aka Vuln# (1) APEX01, (2) APEX02, (3) APEX03, (4) APEX05, (5) APEX06, (6) APEX07, (7) APEX08, (8) APEX09, (9) APEX10, (10) APEX11, (11) APEX12, (12) APEX13, (13) APEX14, (14) APEX15, (15) APEX16, (16) APEX17, (17) APEX18, (18) APEX19, (19) APEX22, (20) APEX23, (21) APEX24, (22) APEX25, (23) APEX26, (24) APEX27, (25) APEX28, (26) APEX29, (27) APEX30, (28) APEX31, (29) APEX32, (30) APEX33, (31) APEX34, and (32) APEX35. NOTE: as of 20061027, it is likely that some of these identifiers are associated with cross-site scripting (XSS) in WWV_FLOW_ITEM_HELP and NOTIFICATION_MSG, but these have been provided separate identifiers.

 

 >>> Vendor: Oracle 432 Products
Oracle8i
Database server
Http server
Database assistant
Web listener
Application server
Listener
Internet directory
Oracle9i
E-business suite
JSP
Application server web cache
Corporate time outlook connector
Reports
Configurator
Applications
Oracle files
Application server portal
Collaboration suite
Enterprise manager
Enterprise manager database control
Enterprise manager grid control
Oracle10g
Database server lite
10g reports server
Forms
Jdeveloper
Forms builder
Html db
Clinical
10g enterprise manager database control
Enterprise manager application server control
Peoplesoft enterprise
Enterpriseone
Peoplesoft enterprise customer relationship management
Application server discussion forum portlet
Peoplesoft enterprise portal
Oracle client
10g enterprise manager grid control
Developer suite
Workflow
Diagnostics
Collaboration suite 10g release 1
Peoplesoft enterprise tools
Pharmaceutical
Exchange
APEX
Rapid install web server
Peoplesoft enterprise human capital management
Peoplesoft enterprise peopletools
Secure enterprise search
Jinitiator
Enterprise grid console server
Opmn daemon
Application server 9i
Application express
Database 9i
Application server 10g
Database 10g
Database 11g
E-business suite 11i
E-business suite 12
Peoplesoft hcm eperformance
Siebel enterprise
Bea product suite
Weblogic server
Webloic server component
Weblogic server component
Oracle portal component
Report manager component
Application object library
Advanced replication
Enterprise manager 10g
Instance management component
Advanced replication component
Oracle database
Oracle application server
Mobile application server
Times ten client server component
Times ten in memory database
Times ten client server
Spatial component
Data pump component
Authentication component
Advanced queuing component
Oracle applications technology stack component
Core rdbms component
Hyperion bi plus component
Database scheduler
Oracle http server component
Jd edwards enterpriseone
Peoplesoft peopletools component
Peoplesoft peopletools
Glassfish server
Database 11i
Jd edwards enterpriseone ep
Secure backup
Weblogic workshop
Timesten in-memory database
Enterprise manager grid control 10g
See all Products for Vendor Oracle


Copyright 2017, cxsecurity.com