Description
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 allow remote authenticated users to have unknown impact via (1) SYS.DBMS_PRVTAQIS in the Advanced Queuing component (DB02) and (2) MDSYS.MD in the Spatial component (DB12). NOTE: Oracle has not disputed reliable researcher claims that DB02 is for SQL injection and DB12 is for a buffer overflow.
Remediation
References
Related Vulnerabilities
MySQL CVE-2014-4260 Vulnerability (CVE-2014-4260)
WildFly Application Server Uncontrolled Resource Consumption Vulnerability (CVE-2016-9589)
Oracle Database Server CVE-2007-2112 Vulnerability (CVE-2007-2112)
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-5270)
Liferay Portal CVE-2021-38266 Vulnerability (CVE-2021-38266)