Filtered by vendor Oracle
Subscribe
Total
9733 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3440 | 1 Oracle | 1 Database Server | 2024-11-21 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Database Scheduler in Oracle Database Server 10g up to 10.1.0.3 has unknown impact and attack vectors, aka Oracle Vuln# DB08. | |||||
| CVE-2005-3439 | 1 Oracle | 1 Database Server | 2024-11-21 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Oracle Database Server 10g up to 10.1.0.4.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB02, (2) DB03, and (3) DB05 in Change Data Capture; (4) DB07 in Data Pump Export; and (5) DB18, (6) DB19, (7) DB20, (8) DB21, (9) DB22, (10) DB23, (11) DB24, and (12) DB25 in the Spatial component. | |||||
| CVE-2005-3438 | 1 Oracle | 1 Database Server | 2024-11-21 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Oracle Database Server 9i up to 10.1.0.4.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB04 in Change Data Capture; (2) DB06 in Data Guard Logical Standby; (3) DB10 in Locale; (4) DB12 in Materialized Views; (5) DB13 in Objects Extension; (6) DB15 in Oracle Label Security; (7) DB27 in Security, possibly due to a buffer overflow in sys.pbsde.init; and (8) DB28 and (9) DB29 in Workspace Manager. | |||||
| CVE-2005-3437 | 1 Oracle | 1 Database Server | 2024-11-21 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the PL/SQL component in Oracle Database Server 9i up to 10.1.0.4 has unknown impact and attack vectors, aka Oracle Vuln# DB01. | |||||
| CVE-2005-3207 | 1 Oracle | 1 Forms | 2024-11-21 | 5.0 MEDIUM | N/A |
| The forms servlet (f90servlet) in Oracle Forms 4.5.10.22 allows remote attackers to cause a denial of service (TNS listener stop) via a userid parameter that contains a STOP command. | |||||
| CVE-2005-3206 | 1 Oracle | 1 Database Server | 2024-11-21 | 5.0 MEDIUM | N/A |
| iSQL*Plus (isqlplus) for Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to cause a denial of service (TNS listener stop) via an HTTP request with an sid parameter that contains a STOP command. | |||||
| CVE-2005-3205 | 1 Oracle | 1 Database Server | 2024-11-21 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in iSQL*Plus (iSQLPlus) in Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to inject arbitrary web script or HTML via script in the "set markup HTML TABLE" command, which is executed when the user selects a table. | |||||
| CVE-2005-3204 | 1 Oracle | 2 Application Server, Oracle9i | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP request. | |||||
| CVE-2005-3203 | 1 Oracle | 1 Html Db | 2024-11-21 | 4.6 MEDIUM | N/A |
| The manual installation of Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 stores the SYS password in install.lst in plaintext, which allows local users to gain privileges. | |||||
| CVE-2005-3202 | 1 Oracle | 1 Html Db | 2024-11-21 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 allow remote attackers to inject arbitrary web script or HTML, and subsequently execute SQL statements via the (1) p or (2) p_t02 parameters. | |||||
| CVE-2005-2983 | 1 Oracle | 1 Reports | 2024-11-21 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Oracle Reports that use Lexical References allows remote attackers to execute arbitrary SQL commands via the values in the parameter form that appears when the paramform parameter is set to yes. | |||||
| CVE-2005-2680 | 1 Oracle | 1 Weblogic Portal | 2024-11-21 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP4, when using entitlements, allows remote attackers to bypass access restrictions for the pages of a Book via crafted URLs. | |||||
| CVE-2005-2573 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2024-11-20 | 5.0 MEDIUM | N/A |
| The mysql_create_function function in sql_udf.cc for MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta, when running on Windows, uses an incomplete blacklist in a directory traversal check, which allows attackers to include arbitrary files via the backslash (\) character. | |||||
| CVE-2005-2572 | 1 Oracle | 1 Mysql | 2024-11-20 | 8.5 HIGH | N/A |
| MySQL, when running on Windows, allows remote authenticated users with insert privileges on the mysql.func table to cause a denial of service (server hang) and possibly execute arbitrary code via (1) a request for a non-library file, which causes the Windows LoadLibraryEx function to block, or (2) a request for a function in a library that has the XXX_deinit or XXX_init functions defined but is not tailored for mySQL, such as jpeg1x32.dll and jpeg2x32.dll. | |||||
| CVE-2005-2558 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2024-11-20 | 4.6 MEDIUM | N/A |
| Stack-based buffer overflow in the init_syms function in MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta allows remote authenticated users who can create user-defined functions to execute arbitrary code via a long function_name field. | |||||
| CVE-2005-2379 | 1 Oracle | 1 Reports | 2024-11-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Oracle Reports 9.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) debug parameter to showenv, (2) test parameter to parsequery, or (3) delimiter or (4) CELLWRAPPER parameter to rwservlet. | |||||
| CVE-2005-2378 | 1 Oracle | 1 Reports | 2024-11-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Oracle Reports allows remote attackers to read arbitrary files via an absolute or relative path to the (1) CUSTOMIZE or (2) desformat parameters to rwservlet. NOTE: vector 2 is probably the same as CVE-2006-0289, and fixed in Jan 2006 CPU. | |||||
| CVE-2005-2372 | 1 Oracle | 1 Forms | 2024-11-20 | 7.2 HIGH | N/A |
| Oracle Forms 4.5 through 10g starts form executables from arbitrary directories and executes them as the Oracle or System user, which allows attackers to execute arbitrary code by uploading a malicious .fmx file and referencing it using an absolute pathname argument in the (1) form or (2) module parameters to f90servlet. | |||||
| CVE-2005-2371 | 1 Oracle | 1 Reports | 2024-11-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Oracle Reports 6.0, 6i, 9i, and 10g allows remote attackers to overwrite arbitrary files via (1) "..", (2) Windows drive letter (C:), and (3) absolute path sequences in the desname parameter. NOTE: this issue was probably fixed by REP06 in CPU Jan 2006, in which case it overlaps CVE-2006-0289. | |||||
| CVE-2005-2294 | 1 Oracle | 1 Forms | 2024-11-20 | 2.1 LOW | N/A |
| Oracle Forms 4.5, 6.0, 6i, and 9i on Unix, when a large number of records are retrieved by an Oracle form, stores a copy of the database tables in a world-readable temporary file, which allows local users to gain sensitive information such as credit card numbers. | |||||