http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2007.html "Executive Summaries Oracle Database Executive Summary This Critical Patch Update contains 20 new security fixes for the Oracle Database including 1 new security fix for Application Express. 2 of these vulnerabilities may be remotely exploitable without authentication, i.e. they may be exploited over a network without the need for a username and password. None of these fixes are applicable to Oracle Database client-only installations, i.e. installations that do not have the Oracle Database installed. The highest CVSS base score of vulnerabilities affecting Oracle Database products is 4.2." Paul