QwikSec

Security Database

CVE

CWE

Training

CVE-2007-3854

Published: Jul 18, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 allow remote authenticated users to have unknown impact via (1) SYS.DBMS_PRVTAQIS in the Advanced Queuing component (DB02) and (2) MDSYS.MD in the Spatial component (DB12). NOTE: Oracle has not disputed reliable researcher claims that DB02 is for SQL injection and DB12 is for a buffer overflow.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_HP

third-party-advisory

x_refsource_SECUNIA

http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_prvtaqis.html

x_refsource_MISC

third-party-advisory

x_refsource_SECUNIA

http://www.oracle.com/technetwork/topics/security/cpujul2007-087014.html

x_refsource_CONFIRM

third-party-advisory

x_refsource_CERT

vdb-entry

x_refsource_VUPEN

vdb-entry

x_refsource_VUPEN

oracle-prvtaqis-sql-injection(35497)

vdb-entry

x_refsource_XF

vendor-advisory

x_refsource_HP

oracle-cpu-july2007(35490)

vdb-entry

x_refsource_XF

http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_July_2007_Analysis.pdf

x_refsource_MISC

vdb-entry

x_refsource_SECTRACK

http://www.red-database-security.com/advisory/oracle_cpu_jul_2007.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.