CVE-2006-5351 Information

Description

Multiple unspecified vulnerabilities in Oracle Application Express (formerly Oracle HTML DB) 1.5 up to 2.0 have unknown impact and remote attack vectors aka Vuln (1) APEX01 (2) APEX02 (3) APEX03 (4) APEX05 (5) APEX06 (6) APEX07 (7) APEX08 (8) APEX09 (9) APEX10 (10) APEX11 (11) APEX12 (12) APEX13 (13) APEX14 (14) APEX15 (15) APEX16 (16) APEX17 (17) APEX18 (18) APEX19 (19) APEX22 (20) APEX23 (21) APEX24 (22) APEX25 (23) APEX26 (24) APEX27 (25) APEX28 (26) APEX29 (27) APEX30 (28) APEX31 (29) APEX32 (30) APEX33 (31) APEX34 and (32) APEX35. NOTE: as of 20061027 it is likely that some of these identifiers are associated with cross-site scripting (XSS) in WWV_FLOW_ITEM_HELP and NOTIFICATION_MSG but these have been provided separate identifiers.

Reference

http://secunia.com/advisories/22396 http://securitytracker.com/id?1017077 http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html http://www.securityfocus.com/archive/1/449711/100/0/threaded http://www.securityfocus.com/bid/20588 http://www.us-cert.gov/cas/techalerts/TA06-291A.html http://www.vupen.com/english/advisories/2006/4065