Oracle E-Business Suite vulnerabilities

CVE-2006-1035 [HIGH] CVE-2006-1035: Unspecified vulnerability in the Oracle Diagnostics module 2.2 and earlier allows remote attackers t Unspecified vulnerability in the Oracle Diagnostics module 2.2 and earlier allows remote attackers to access diagnostics tests via unknown attack vectors.

CVE-2006-0552 [HIGH] CVE-2006-0552: Unspecified vulnerability in the Net Listener component of Oracle Database server 8.1.7.4, 9.0.1.5, Unspecified vulnerability in the Net Listener component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, and 9.2.0.7 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB11.

CVE-2006-0277 [CRITICAL] CVE-2006-0277: Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10 have unspec Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) APPS01 in the (a) Application Install component; (2) APPS07 in the (b) Oracle Applications Framework component; (3) APPS08, (4) APPS09, (5) APPS10, and (6) APPS11 in the (c) Oracle Application

CVE-2006-0288 [CRITICAL] CVE-2006-0288: Multiple unspecified vulnerabilities in the Oracle Reports Developer component of Oracle Application Multiple unspecified vulnerabilities in the Oracle Reports Developer component of Oracle Application Server 9.0.4.1 and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) REP01 and (2) REP02.

CVE-2006-0279 [CRITICAL] CVE-2006-0279: Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 4.3 have unspecifie Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 4.3 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) APPS13 and (2) APPS14 in the Oracle iLearning component.

CVE-2006-0284 [CRITICAL] CVE-2006-0284: Multiple unspecified vulnerabilities in Oracle Application Server 9.0.4.2 and 10.1.2.0.2, and E-Busi Multiple unspecified vulnerabilities in Oracle Application Server 9.0.4.2 and 10.1.2.0.2, and E-Business Suite and Applications 11.5.10, have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) FORM01 and (2) FORM02 in the Oracle Forms component.

CVE-2006-0291 [CRITICAL] CVE-2006-0291: Multiple unspecified vulnerabilities in Oracle Database Server 10.2.0.1, Application Server 9.0.4.2 Multiple unspecified vulnerabilities in Oracle Database Server 10.2.0.1, Application Server 9.0.4.2 and 10.1.2.1, Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i), and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) WF02 and (2) WF03 in the Oracle Workflow Cartridge component.

CVE-2006-0278 [CRITICAL] CVE-2006-0278: Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.9 have unspeci Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.9 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) APPS02 in the (a) CRM Technical Foundation component; (2) APPS03 in the (b) iProcurement component; and (3) APPS04, (4) APPS05, and (5) APPS06 in the Oracle Application Object Library component

CVE-2006-0290 [CRITICAL] CVE-2006-0290: Unspecified vulnerability in Oracle Database Server 9.2.0.7, Application Server 9.0.4.2 and 10.1.2.1 Unspecified vulnerability in Oracle Database Server 9.2.0.7, Application Server 9.0.4.2 and 10.1.2.1, Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i), and E-Business Suite and Applications 11.5.10 has unspecified impact and attack vectors, as identified by Oracle Vuln# WF01 in the Oracle Workflow Cartridge component.

CVE-2006-0289 [CRITICAL] CVE-2006-0289: Multiple unspecified vulnerabilities in Oracle Application Server 6.0.8.26(PS17) and E-Business Suit Multiple unspecified vulnerabilities in Oracle Application Server 6.0.8.26(PS17) and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) REP05 and (2) REP06 in the Oracle Reports Developer component. NOTE: Oracle has not disputed reliable researcher claims that REP05 is the same as CVE-2005

CVE-2005-3459 [CRITICAL] CVE-2005-3459: Unspecified vulnerability in Oracle E-Business Suite and Applications 4.5 up to 4.5.1 has unknown im Unspecified vulnerability in Oracle E-Business Suite and Applications 4.5 up to 4.5.1 has unknown impact and attack vectors, as identified by Oracle Vuln# APPS22 in Oracle Clinical.

CVE-2005-3457 [CRITICAL] CVE-2005-3457: Unspecified vulnerability in Oracle E-Business Suite and Applications 11.0 up to 11.5.10 has unknown Unspecified vulnerability in Oracle E-Business Suite and Applications 11.0 up to 11.5.10 has unknown impact and attack vectors, as identified by Oracle Vuln# APPS08 in HRMS.

CVE-2005-3455 [CRITICAL] CVE-2005-3455: Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5 up to 11.5.10 Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5 up to 11.5.10 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) APPS01 in Application Install; (2) APPS02 and (3) APPS03 in Application Object Library; (4) APPS05 and (5) APPS06 in Applications Technology Stack; (6) APPS07 in Applications Utilities;

CVE-2004-0543 [CRITICAL] CVE-2004-0543: Multiple SQL injection vulnerabilities in Oracle Applications 11.0 and Oracle E-Business Suite 11.5. Multiple SQL injection vulnerabilities in Oracle Applications 11.0 and Oracle E-Business Suite 11.5.1 through 11.5.8 allow remote attackers to execute arbitrary SQL procedures and queries.

CVE-2004-1363 [CRITICAL] CWE-131 CVE-2004-1363: Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via envir Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed.

CVE-2004-1371 [CRITICAL] CWE-119 CVE-2004-1371: Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code v Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure.

CVE-2004-1362 [HIGH] CVE-2004-1362: The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform character conversions properly, which allows remote attackers to bypass access restrictions for certain procedures via an encoded URL with "%FF" encoded sequences that are improperly converted to "Y" characters.

CVE-2004-1370 [HIGH] CVE-2004-1370: Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9 Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to execute arbitrary SQL commands and gain privileges via (1) DBMS_EXPORT_EXTENSION, (2) WK_ACL.GET_ACL, (3) WK_ACL.STORE_ACL, (4) WK_ADM.COMPLETE_ACL_SNAPSHOT, (5) WK_ACL.DELETE_ACLS_WITH_STATEMENT, or (6) DRILOAD.VALIDATE_STMT.

CVE-2004-1368 [HIGH] CVE-2004-1368: ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script.

CVE-2004-1364 [HIGH] CWE-22 CVE-2004-1364: Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\bin directory.