QwikSec

Security Database

CVE

CWE

Training

CVE-2007-3853

Published: Jul 18, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.3 allow remote authenticated users to have unknown impact via (1) DBMS_JAVA_TEST in the JavaVM component (DB01), (2) Oracle Text component (DB09), and (3) MDSYS.SDO_GEOR_INT in the Spatial component (DB15). NOTE: a reliable researcher claims that DB01 is SQL injection in DBMS_PRVTAQIS.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_HP

third-party-advisory

x_refsource_SECUNIA

http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_prvtaqis.html

x_refsource_MISC

third-party-advisory

x_refsource_SECUNIA

http://www.oracle.com/technetwork/topics/security/cpujul2007-087014.html

x_refsource_CONFIRM

third-party-advisory

x_refsource_CERT

vdb-entry

x_refsource_VUPEN

vdb-entry

x_refsource_VUPEN

vendor-advisory

x_refsource_HP

oracle-cpu-july2007(35490)

vdb-entry

x_refsource_XF

http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_July_2007_Analysis.pdf

x_refsource_MISC

vdb-entry

x_refsource_SECTRACK

20070718 Oracle Security: SQL Injection in package DBMS_PRVTAQIS

mailing-list

x_refsource_BUGTRAQ

http://www.red-database-security.com/advisory/oracle_cpu_jul_2007.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.