Description

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 allow remote authenticated users to have unknown impact via (1) SYS.DBMS_PRVTAQIS in the Advanced Queuing component (DB02) and (2) MDSYS.MD in the Spatial component (DB12). NOTE: Oracle has not disputed reliable researcher claims that DB02 is for SQL injection and DB12 is for a buffer overflow.

Remediation

References

CVE-2007-3854

Related Vulnerabilities

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-23173)

Atlassian Jira Observable Discrepancy Vulnerability (CVE-2020-4028)

PHP Use of Externally-Controlled Format String Vulnerability (CVE-2010-2950)

WordPress Plugin WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection-StopBadBots Cross-Site Scripting (6.61)

Oracle Database Server CVE-2012-3151 Vulnerability (CVE-2012-3151)

Severity

Medium

Classification

CVE-2007-3854

Tags

Missing Update Known Vulnerabilities