OSVDB: Open Sourced Vulnerability Database

Creditee: Esteban Martínez Fayó

Known Contact Information:

None at this time

Known Affiliations:

Application Security Inc. (as of 2004-04-13)

Disclosed Vulnerabilities (27):

Disc. Date	OSVDB ID	CVEID	Title
2013-01-15	89201	2013-0372	Oracle Enterprise Manager Grid Control Enterprise Manager Base Platform Component Distributed/Cross DB Features Subcomponent advRepl/advReplicationAdmin Multiple Parameter SQL Injection
2013-01-15	89199	2013-0374	Oracle Enterprise Manager Grid Control Enterprise Manager Base Platform Component Database Cloning Subcomponent dBClone Multiple Parameter SQL Injection
2013-01-15	89200	2013-0355	Oracle Enterprise Manager Grid Control Enterprise Manager Base Platform Component Distributed/Cross DB Features Subcomponent advReplicationAdmin XSS
2013-01-15	89202	2013-0373	Oracle Enterprise Manager Grid Control Enterprise Manager Base Platform Component Distributed/Cross DB Features Subcomponent dist/streams/queue Multiple Parameter SQL Injection
2013-01-15	89204	2013-0354	Oracle Enterprise Manager Grid Control Enterprise Manager Base Platform Component Policy Framework Subcomponent /em/console/ecm/policy/policyViewSettings pagename Parameter HTTP Response Splitting
2013-01-15	89205	2013-0358	Oracle Enterprise Manager Grid Control Enterprise Manager Base Platform Component Resource Manager Subcomponent instance/rsrcpln Multiple Parameter SQL Injection
2013-01-07	89033		Sybase Adaptive Server Enterprise ASE Plugin Table Creation Unspecified Privilege Escalation
2012-09-21	85863	2012-3137	Oracle Database Authentication Protocol Arbitrary User Session Key / Salt Remote Disclosure
2012-07-25	84222		Sybase Adaptive Server Enterprise ASE Plugin for Sybase Central Table Creation Unspecified Remote Privilege Escalation
2012-07-25	84219		Sybase Adaptive Server Enterprise Java Method Multiple Unspecified Remote Privilege Escalation
2012-04-17	81270	2012-0511	Oracle Database Server OCIPasswordChange API Authentication Attempt Logging Bypass Brute Force Weakness
2012-04-17	81267	2012-0512	Oracle Database Server / Enterprise Manager Database Grid Control /em/console/ecm/config/compareWizard/compareWizFirstConfig fConfigGuid Parameter SQL Injection
2012-04-17	81268	2012-0525	Oracle Database Server / Enterprise Manager Database Grid Control /em/console/ecm/search/searchPage SCPLBL_INSTALLED_DATE0DI Parameter SQL Injection
2012-04-17	81271	2012-0527	Oracle Database Server / Enterprise Manager Database Grid Control /em/console/database/schema/grantObjPrivs pageName Parameter HTTP Response Splitting
2012-04-17	81272	2012-0510	Oracle Database Server OCIPasswordChange API Password Change Account Lock Bypass Brute Force Weakness
2012-04-17	81273	2012-0526	Oracle Database Server / Enterprise Manager Database Grid Control /em/console/database/schema/table prevPage Parameter HTTP Response Splitting
2012-04-17	81274	2012-0528	Oracle Database Server /em/console/logon/logon Session Fixation
2012-03-14	80043	2012-0353	Cisco Adaptive Security Appliances UDP Inspection Engine Flow Handling UDP Packet Parsing Remote DoS
2011-04-19	71952	2011-0785	Oracle Multiple Products Oracle Help help/topics/iastop_cs/iastop_cs_farm_page.html locale Parameter XSS
2011-04-19	71953	2011-0787	Oracle Multiple Products Application Service Level Management /em/console/target/svclvl/slrule targetType Parameter SQL Injection
2011-01-18	70555	2010-4420	Oracle Database Server Database Vault GIF Filename Local Session ID Disclosure Weakness
2011-01-18	70556	2010-4421	Oracle Database Server Database Vault Admistrator Unspecified CSRF
2010-10-13	70078	2010-2415	Oracle Database Server Change Data Capture DBMS_CDC_ PUBLISH CREATE_CHANGE_SET Procedure SQL Injection
2008-10-13	49324	2008-3982	Oracle Database Workspace Manager SYS.LT.COMPRESSWORKSPACE SQL Injection
2008-10-13	49325	2008-3983	Oracle Database Workspace Manager SYS.LT.MERGEWORKSPACE SQL Injection
2008-10-13	49326	2008-3984	Oracle Database Workspace Manager SYS.LT.REMOVEWORKSPACE SQL Injection
2004-04-13	5254	2003-0908	Microsoft Windows Utility Manager Privilege Escalation

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.