Description

Oracle Database 10g uses a NULL pDacl parameter when calling the SetSecurityDescriptorDacl function to create discretionary access control lists (DACLs), which allows local users to gain privileges.

Remediation

References

CVE-2007-1442

Related Vulnerabilities

MySQL CVE-2013-1531 Vulnerability (CVE-2013-1531)

WordPress Plugin Cimy Counter HTTP Response Splitting and Cross-Site Scripting Vulnerabilities (0.9.4)

WordPress Plugin WP Photo Album Plus Cross-Site Scripting (5.0.2)

Apache HTTP Server Other Vulnerability (CVE-2003-0192)

SharePoint CVE-2018-8161 Vulnerability (CVE-2018-8161)

Severity

High

Classification

CVE-2007-1442

Tags

Missing Update Known Vulnerabilities