Description

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 allow remote authenticated users to have unknown impact via (1) SYS.DBMS_PRVTAQIS in the Advanced Queuing component (DB02) and (2) MDSYS.MD in the Spatial component (DB12). NOTE: Oracle has not disputed reliable researcher claims that DB02 is for SQL injection and DB12 is for a buffer overflow.

Remediation

References

CVE-2007-3854

Related Vulnerabilities

WordPress Plugin Swift Landing Page Cross-Site Request Forgery (1.1)

osCommerce Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2002-1991)

WordPress Plugin WP-Recall-Registration, Profile, Commerce & More Security Bypass (16.26.6)

WordPress Plugin Polldaddy Polls & Ratings Cross-Site Request Forgery (2.0.20)

XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-36469)

Severity

Medium

Classification

CVE-2007-3854

Tags

Missing Update Known Vulnerabilities