| CVE-2004-1363 | Cri | 0.66 | 9.8 | 0.28 | | Aug 4, 2004 | Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed. |
| CVE-2017-3515 | Med | 0.35 | 5.4 | 0.01 | | Apr 24, 2017 | Vulnerability in the Oracle User Management component of Oracle E-Business Suite (subcomponent: User Name/Password Management). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle User Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle User Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle User Management accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N). |
| CVE-2013-0397 | | 0.05 | — | 0.30 | | Jan 17, 2013 | Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Diagnostics. |
| CVE-2004-1364 | | 0.04 | — | 0.15 | | Aug 4, 2004 | Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\bin directory. |
| CVE-2004-0385 | | 0.04 | — | 0.44 | | Jun 1, 2004 | Heap-based buffer overflow in Oracle 9i Application Server Web Cache 9.0.4.0.0, 9.0.3.1.0, 9.0.2.3.0, and 9.0.0.4.0 allows remote attackers to execute arbitrary code via a long HTTP request method header to the Web Cache listener. NOTE: due to the vagueness of the Oracle advisory, it is not clear whether there are additional issues besides this overflow, although the advisory alludes to multiple "vulnerabilities." |
| CVE-2004-1371 | | 0.03 | — | 0.32 | | Aug 4, 2004 | Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure. |
| CVE-2008-7235 | | 0.01 | — | 0.10 | | Sep 14, 2009 | Unspecified vulnerability in the Oracle Forms component in Oracle Application Server 10.1.2.2 and E-Business Suite 12.0.3 allows remote attackers to affect integrity via unknown vectors, aka AS04. |
| CVE-2007-3854 | | 0.01 | — | 0.09 | | Jul 18, 2007 | Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 allow remote authenticated users to have unknown impact via (1) SYS.DBMS_PRVTAQIS in the Advanced Queuing component (DB02) and (2) MDSYS.MD in the Spatial component (DB12). NOTE: Oracle has not disputed reliable researcher claims that DB02 is for SQL injection and DB12 is for a buffer overflow. |
| CVE-2007-3866 | | 0.01 | — | 0.07 | | Jul 18, 2007 | Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10CU2 and 12.0.1 allow remote attackers to have an unknown impact via (a) Oracle Configurator (APPS02), (b) Oracle iExpenses (APPS03), (c) Oracle Application Object Library (APPS09), and (1) APPS12, (2) APPS13, and (3) APPS14 in (d) Oracle Payables. |
| CVE-2006-1882 | | 0.01 | — | 0.06 | | Apr 20, 2006 | Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10 have unknown impact and attack vectors, as identified by Vuln# (1) APPS03 in (a) iProcurement; (2) APPS04 in (b) Oracle Application Object Library; (3) APPS06, (4) APPS07, and (5) APPS08 in (c) Oracle Applications Technology Stack; and (6) APPS11 in (d) Oracle Order Capture. |
| CVE-2004-0543 | | 0.01 | — | 0.10 | | Aug 6, 2004 | Multiple SQL injection vulnerabilities in Oracle Applications 11.0 and Oracle E-Business Suite 11.5.1 through 11.5.8 allow remote attackers to execute arbitrary SQL procedures and queries. |
| CVE-2016-0575 | | 0.00 | — | 0.00 | | Jan 21, 2016 | Unspecified vulnerability in the Oracle Learning Management component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via vectors related to OTA Self Service. |
| CVE-2016-0556 | | 0.00 | — | 0.00 | | Jan 21, 2016 | Unspecified vulnerability in the Oracle Advanced Collections component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Administration, a different vulnerability than CVE-2016-0557. |
| CVE-2016-0528 | | 0.00 | — | 0.00 | | Jan 21, 2016 | Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to User GUI, a different vulnerability than CVE-2016-0527, CVE-2016-0529, and CVE-2016-0530. |
| CVE-2016-0527 | | 0.00 | — | 0.00 | | Jan 21, 2016 | Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to User GUI, a different vulnerability than CVE-2016-0528, CVE-2016-0529, and CVE-2016-0530. |
| CVE-2016-0526 | | 0.00 | — | 0.00 | | Jan 21, 2016 | Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via unknown vectors related to Wireless Framework. |
| CVE-2016-0524 | | 0.00 | — | 0.00 | | Jan 21, 2016 | Unspecified vulnerability in the Oracle Universal Work Queue component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Work Provider Administration. |
| CVE-2016-0521 | | 0.00 | — | 0.00 | | Jan 21, 2016 | Unspecified vulnerability in the Oracle iProcurement component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to Redirection. |
| CVE-2016-0519 | | 0.00 | — | 0.00 | | Jan 21, 2016 | Unspecified vulnerability in the Oracle iReceivables component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to AR Web Utilities, a different vulnerability than CVE-2016-0507. |
| CVE-2016-0518 | | 0.00 | — | 0.00 | | Jan 21, 2016 | Unspecified vulnerability in the Oracle Human Resources component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to General utilities, a different vulnerability than CVE-2016-0517. |
