Filtered by vendor Oracle
Subscribe
Total
9733 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2293 | 1 Oracle | 1 Forms Builder | 2024-11-20 | 2.1 LOW | 5.5 MEDIUM |
| Oracle Formsbuilder 9.0.4 stores database usernames and passwords in a temporary file, which is not deleted after it is used, which allows local users to obtain sensitive information. | |||||
| CVE-2005-2292 | 1 Oracle | 1 Jdeveloper | 2024-11-20 | 2.1 LOW | N/A |
| Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 stores cleartext passwords in (1) IDEConnections.xml, (2) XSQLConfig.xml and (3) settings.xml, which allows local users to obtain sensitive information. | |||||
| CVE-2005-2291 | 1 Oracle | 1 Jdeveloper | 2024-11-20 | 4.6 MEDIUM | N/A |
| Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext password as a parameter when starting sqlplus, which allows local users to gain sensitive information. | |||||
| CVE-2005-2093 | 1 Oracle | 1 Application Server | 2024-11-20 | 4.3 MEDIUM | N/A |
| Oracle 9i Application Server (Oracle9iAS) 9.0.2 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Application Server to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | |||||
| CVE-2005-1749 | 2 Bea, Oracle | 2 Weblogic Server, Weblogic Portal | 2024-11-20 | 5.0 MEDIUM | N/A |
| Buffer overflow in BEA WebLogic Server and WebLogic Express 6.1 Service Pack 4 allows remote attackers to cause a denial of service (CPU consumption from thread looping). | |||||
| CVE-2005-1748 | 2 Bea, Oracle | 2 Weblogic Server, Weblogic Portal | 2024-11-20 | 5.0 MEDIUM | N/A |
| The embedded LDAP server in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 5, allows remote anonymous binds, which may allow remote attackers to view user entries or cause a denial of service. | |||||
| CVE-2005-1747 | 2 Bea, Oracle | 2 Weblogic Server, Weblogic Portal | 2024-11-20 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 6, allow remote attackers to inject arbitrary web script or HTML, and possibly gain administrative privileges, via the (1) j_username or (2) j_password parameters in the login page (LoginForm.jsp), (3) parameters to the error page in the Administration Console, (4) unknown vectors in the Server Console while the administrator has an active session to obtain the ADMINCONSOLESESSION cookie, or (5) an alternate vector in the Server Console that does not require an active session but also leaks the username and password. | |||||
| CVE-2005-1746 | 2 Bea, Oracle | 2 Weblogic Server, Weblogic Portal | 2024-11-20 | 5.0 MEDIUM | N/A |
| The cluster cookie parsing code in BEA WebLogic Server 7.0 through Service Pack 5 attempts to contact any host or port specified in a cookie, even when it is not in the cluster, which allows remote attackers to cause a denial of service (cluster slowdown) via modified cookies. | |||||
| CVE-2005-1745 | 2 Bea, Oracle | 2 Weblogic Server, Weblogic Portal | 2024-11-20 | 4.6 MEDIUM | N/A |
| The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack 3 prints the password to standard output when an incorrect login attempt is made, which could make it easier for attackers to guess the correct password. | |||||
| CVE-2005-1743 | 2 Bea, Oracle | 2 Weblogic Server, Weblogic Portal | 2024-11-20 | 7.5 HIGH | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 through Service Pack 3 and 7.0 through Service Pack 5 does not properly handle when a security provider throws an exception, which may cause WebLogic to use incorrect identity for the thread, or to fail to audit security exceptions. | |||||
| CVE-2005-1742 | 2 Bea, Oracle | 2 Weblogic Server, Weblogic Portal | 2024-11-20 | 5.0 MEDIUM | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows users with the Monitor security role to "shrink or reset JDBC connection pools." | |||||
| CVE-2005-1636 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2024-11-20 | 4.6 MEDIUM | N/A |
| mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the mysql_install_db.X file with a predictable filename and insecure permissions, which allows local users to execute arbitrary SQL commands by modifying the file's contents. | |||||
| CVE-2005-1496 | 1 Oracle | 2 Application Server, Oracle10g | 2024-11-20 | 4.6 MEDIUM | N/A |
| The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE JOB privileges to gain additional privileges by changing SESSION_USER to the SYS user. | |||||
| CVE-2005-1495 | 1 Oracle | 3 Application Server, Oracle10g, Oracle9i | 2024-11-20 | 7.5 HIGH | N/A |
| Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the SYS user executes a SELECT statement on an FGA object, which makes it easier for attackers to escape detection. | |||||
| CVE-2005-1383 | 1 Oracle | 1 Application Server | 2024-11-20 | 7.5 HIGH | N/A |
| The OHS component 1.0.2 through 10.x, when UseWebcacheIP is disabled, in Oracle Application Server allows remote attackers to bypass HTTP Server mod_access restrictions via a request to the webcache TCP port 7778. | |||||
| CVE-2005-1382 | 1 Oracle | 1 Application Server Web Cache | 2024-11-20 | 5.0 MEDIUM | N/A |
| The webcacheadmin module in Oracle Webcache 9i allows remote attackers to corrupt arbitrary files via a full pathname in the cache_dump_file parameter. | |||||
| CVE-2005-1381 | 1 Oracle | 1 Application Server Web Cache | 2024-11-20 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Oracle Webcache 9i allow remote attackers to inject arbitrary web script or HTML via the (1) cache_dump_file or (2) PartialPageErrorPage parameter. | |||||
| CVE-2005-1197 | 1 Oracle | 1 Database Server | 2024-11-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the SYS.DBMS_CDC_IPUBLISH.CREATE_SCN_CHANGE_SET procedure in Oracle Database Server 10g allows remote attackers to execute arbitrary SQL commands via the CHANGE_SET_NAME parameter. | |||||
| CVE-2005-1178 | 1 Oracle | 1 Forms | 2024-11-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Oracle Forms 10g allows remote attackers to execute arbitrary SQL commands via the Query/Where feature. | |||||
| CVE-2005-0873 | 1 Oracle | 1 10g Reports Server | 2024-11-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in test.jsp in Oracle Reports Server 10g (9.0.4.3.3) allow remote attackers to inject arbitrary web script or HTML via the (1) desname or (2) repprod parameter. | |||||