Description

Multiple unspecified vulnerabilities in Oracle Database 9.2.0.7 and 10.1.0.5 have unknown impact and attack vectors related to (1) Export and sys.dbms_logrep_util (DB08), and (2) Oracle Streams and sys.dbms_capture_adm_internal privileges (DB09). NOTE: Oracle has not disputed reliable researcher claims that DB08 is for a buffer overflow in the GET_OBJECT_NAME procedure in the DBMS_LOGREP_UTIL package, and DB09 is for buffer overflows in the CREATE_CAPTURE, ALTER_CAPTURE, and ABORT_TABLE_INSTANTIATION procedures in SYS.DBMS_CAPTURE_ADM_INTERNAL.

Remediation

References

CVE-2007-0274

Related Vulnerabilities

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-4219)

WordPress Plugin Mobile Events Manager CSV Injection (1.4.7)

WordPress Plugin Media Library Categories Multiple Cross-Site Scripting Vulnerabilities (1.1.1)

WordPress Plugin Contest Gallery-Photo Contest for WordPress Cross-Site Scripting (14.1.7)

PrestaShop Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-43789)

Severity

Medium

Classification

CVE-2007-0274

Tags

Missing Update Known Vulnerabilities