Executive Summary
Summary | |
---|---|
Title | HP Oracle for OpenView (OfO) Critical Patch Update |
Informations | |||
---|---|---|---|
Name | HPSBMA02133 SSRT061201 | First vendor Publication | 2006-07-19 |
Vendor | HP | Last vendor Modification | 2008-07-15 |
Severity (Vendor) | N/A | Revision | 9 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Oracle® has issued a Critical Patch Update which contains solutions for a number of potential security vulnerabilities. These vulnerabilities may be exploited locally or remotely to compromise the confidentiality, availability or integrity of Oracle for OpenView (OfO). |
Original Source
Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143 |
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2007-07-12 | Oracle Database SQL Compiler Views Unauthorized Manipulation |
2007-07-19 | Oracle 9i/10g Evil Views - Change Passwords Exploit |
OpenVAS Exploits
Date | Description |
---|---|
2011-12-07 | Name : Oracle Database Server Multiple Components Multiple Vulnerabilities File : nvt/gb_oracle_database_server_mult_comp_mult_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
40011 | Oracle E-Business Suite Payables Payable User Unspecified Remote Information ... |
40010 | Oracle E-Business Suite Payables Payable User Unspecified Remote Information ... |
40009 | Oracle E-Business Suite Payables Payable User Unspecified Remote Information ... |
40008 | Oracle E-Business Suite iRecruitment Administrator Unspecified Remote Informa... |
40007 | Oracle E-Business Suite Human Resources Unspecified Remote Information Disclo... |
40006 | Oracle E-Business Suite Application Object Library Unspecified Remote Informa... |
40005 | Oracle E-Business Suite Payments Unspecified Remote Information Disclosure |
40004 | Oracle E-Business Suite Customer Intelligence Unspecified Remote Information ... |
40003 | Oracle E-Business Suite Application Object Library HTTP Unspecified Remote In... |
40002 | Oracle E-Business Suite Application Object Library HTTP Unspecified Remote In... |
40001 | Oracle E-Business Suite Application Object Library HTTP Unspecified Remote In... |
40000 | Oracle E-Business Suite iExpenses HTTP Unspecified Remote Issue |
39999 | Oracle E-Business Suite Configurator HTTP Unspecified Remote Issue |
39998 | Oracle E-Business Suite Customer Intelligence Unspecified Remote Unauthentica... |
39997 | Oracle Database SQL Compiler Views Unauthorized Manipulation |
39996 | Oracle Database Spatial MDSYS.RTREE_IDX Unspecified Remote DoS |
39994 | Oracle Database Spatial MDSYS.SDO_GEOR_INT Unspecified Remote DoS |
39993 | Oracle Database JavaVM Unspecified Remote Issue |
39992 | Oracle Database Progam Interface Unspecified Remote DoS |
39991 | Oracle Database Spatial MDSYS.MD Unspecified Overflow |
39990 | Oracle Database Rules Manager EXFSYS.DBMS_RLMGR_UTL Unspecified Remote Issue |
39989 | Oracle Database PL/SQL SYS.DBMS_STANDARD Unspecified Remote Issue |
39987 | Oracle Database Text Session Creation Unspecified Remote Issue (DB09) |
39986 | Oracle Database Text CTXSYS.DRVXMD Unspecified Remote Issue |
39985 | Oracle Database Text CTXSYS.DRI_MOVE_CTXSYS Unspecified Remote Issue |
39984 | Oracle Database Text CTXSYS.DRVXMD Unspecified Remote Issue |
39983 | Oracle Database Text Session Creation Unspecified Remote Issue (DB05) |
39978 | Oracle Database Data Mining DMSYS.DMP_SYS Unspecified Remote Issue |
39977 | Oracle Database DataGuard SYS.DBMS_DRS.GET_PROPERTY Remote Overflow |
39976 | Oracle Database Advanced Queuing SYS.DBMS_PRVTAQIS Unspecified SQL Injection |
39975 | Oracle Database JavaVM DBMS_JAVA_TEST DBMS_PRVTAQIS SQL Injection |
39974 | Oracle Internet Directory LDAP Unspecified Remote Information Disclosure |
39973 | Oracle JDeveloper JBO.SERVER HTTP Unspecified Local Issue |
39972 | Oracle JDeveloper JBO.KEY Unspecified Remote DoS |
39971 | Oracle Application Server Single Sign On (SSO) HTTP Unspecified Remote Issue |
39970 | Oracle Application Express wwv_flow_security.check_db_password Function SQL I... |
39969 | Oracle Instant Messaging/Presence HTTP Unspecified Remote Issue |
39968 | Oracle PeopleSoft Human Capital Management Unspecified Local Information Disc... PeopleSoft Human Capital Management (HCM) contains a flaw that may lead to an unauthorized information disclosure. Â The issue is triggered when a manager with access to the "View Employee Personal Info" component creates a URL pointing to the component while specifying an alternate employee ID, which will disclose the addresses of employees who may not report to them resulting in a loss of confidentiality. |
39967 | Oracle PeopleSoft Human Capital Management Unspecified Local Issue PeopleSoft Human Capital Management contains a flaw that may lead to an unauthorized information disclosure. Â The issue is triggered when a manager with access to Absence Management components alters a URL substituting another employee ID, which will disclose and allow the editing of the absence information of an employee who may not report to the manager, resulting in a loss of confidentiality and integrity. |
39966 | Oracle PeopleSoft Customer Relationship Management Online Marketing HTTP Unsp... PeopleSoft CRM Online Marketing contains a flaw related to what may be the login component that may allow an attacker to capture usernames and passwords. No further details have been provided. |
39965 | Oracle PeopleSoft Customer Relationship Management Online Marketing Unspecifi... PeopleSoft CRM Online Marketing contains a flaw related where a "password is passed unencrypted from DES to AppServer", according to the vendor. No further details have been provided. |
39964 | Oracle PeopleSoft PeopleTools PIA Component Unspecified XSS (PSE03) PeopleSoft PeopleTools contains a flaw that allows a remote cross site scripting attack. This flaw exists because of a validation issue inside the PeopleSoft Internet Architecture (PIA). This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
39963 | Oracle PeopleSoft PeopleTools Reporting Run Control Parameters Unspecified Re... PeopleSoft PeopleTools contains a flaw related to run control parameters in reporting. No further details have been provided. |
39962 | Oracle PeopleSoft PeopleTools App Designer Component Unspecified Remote Issue PeopleSoft PeopleTools contains a flaw related to the App Designer component. No further details have been provided. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Oracle database SQL compiler read-only join auth bypass attempt RuleID : 17419 - Revision : 7 - Type : SERVER-ORACLE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-02-20 | Name : The remote host is running a vulnerable version of Oracle Apex. File : oracle_apex_pre301.nasl - Type : ACT_GATHER_INFO |
2012-01-24 | Name : The remote web server may be affected by multiple vulnerabilities. File : oracle_application_server_pci.nasl - Type : ACT_GATHER_INFO |
2011-11-16 | Name : The remote database server is affected by multiple vulnerabilities. File : oracle_rdbms_cpu_jul_2007.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2013-05-11 00:45:52 |
|