Description

Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.3 allow remote authenticated users to have unknown impact via (1) DBMS_JAVA_TEST in the JavaVM component (DB01), (2) Oracle Text component (DB09), and (3) MDSYS.SDO_GEOR_INT in the Spatial component (DB15). NOTE: a reliable researcher claims that DB01 is SQL injection in DBMS_PRVTAQIS.

Remediation

References

CVE-2007-3853

Related Vulnerabilities

SharePoint Download of Code Without Integrity Check Vulnerability (CVE-2020-1576)

WordPress Plugin White Label CMS PHP Object Injection (2.4)

Joomla Exposure of Resource to Wrong Sphere Vulnerability (CVE-2020-10238)

SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-6308)

Magento Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2019-8235)

Severity

Medium

Classification

CVE-2007-3853

Tags

Missing Update Known Vulnerabilities