Description

Oracle Database 10g uses a NULL pDacl parameter when calling the SetSecurityDescriptorDacl function to create discretionary access control lists (DACLs), which allows local users to gain privileges.

Remediation

References

CVE-2007-1442

Related Vulnerabilities

WordPress Plugin AVK-Shop Multiple Cross-Site Scripting Vulnerabilities (1.1.1)

WordPress Plugin Name Directory Cross-Site Scripting (1.7.6)

Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-7061)

WordPress Plugin Preview E-mails for WooCommerce Cross-Site Scripting (1.6.8)

GeoServer Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-23642)

Severity

High

Classification

CVE-2007-1442

Tags

Missing Update Known Vulnerabilities