Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 allow remote authenticated users to have unknown impact via (1) SYS.DBMS_PRVTAQIS in the Advanced Queuing component (DB02) and (2) MDSYS.MD in the Spatial component (DB12). NOTE: Oracle has not disputed reliable researcher claims that DB02 is for SQL injection and DB12 is for a buffer overflow.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2007-07-18 12:30
Updated : 2017-07-28 18:32
NVD link : CVE-2007-3854
Mitre link : CVE-2007-3854
JSON object : View
CWE
Products Affected
oracle
- application_server
- e-business_suite
- secure_enterprise_search
- collaboration_suite
- peoplesoft_enterprise_peopletools
- apex
- peoplesoft_enterprise_customer_relationship_management
- database_server
- peoplesoft_enterprise_human_capital_management