Vulnerabilities > Oracle
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-11-02 | CVE-2005-3437 | Multiple vulnerability in Oracle October Security Update Unspecified vulnerability in the PL/SQL component in Oracle Database Server 9i up to 10.1.0.4 has unknown impact and attack vectors, aka Oracle Vuln# DB01. | 10.0 |
| 2005-10-14 | CVE-2005-3207 | Remote Denial Of Service vulnerability in Oracle Forms Servlet TLS Listener The forms servlet (f90servlet) in Oracle Forms 4.5.10.22 allows remote attackers to cause a denial of service (TNS listener stop) via a userid parameter that contains a STOP command. | 5.0 |
| 2005-10-14 | CVE-2005-3206 | Remote Denial Of Service vulnerability in Oracle Database Server 9.0.2.4 iSQL*Plus (isqlplus) for Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to cause a denial of service (TNS listener stop) via an HTTP request with an sid parameter that contains a STOP command. | 5.0 |
| 2005-10-14 | CVE-2005-3205 | Cross-Site Scripting vulnerability in Oracle Database Server 9.0.2.4 Cross-site scripting (XSS) vulnerability in iSQL*Plus (iSQLPlus) in Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to inject arbitrary web script or HTML via script in the "set markup HTML TABLE" command, which is executed when the user selects a table. | 3.5 |
| 2005-10-14 | CVE-2005-3204 | Cross-Site Scripting vulnerability in Oracle Application Server and Oracle9I Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP request. network oracle | 4.3 |
| 2005-10-14 | CVE-2005-3203 | Unspecified vulnerability in Oracle Html DB 1.3/1.3.6 The manual installation of Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 stores the SYS password in install.lst in plaintext, which allows local users to gain privileges. | 4.6 |
| 2005-10-14 | CVE-2005-3202 | Cross-Site Scripting vulnerability in Oracle HTML DB 1.3/1.3.6 Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 allow remote attackers to inject arbitrary web script or HTML, and subsequently execute SQL statements via the (1) p or (2) p_t02 parameters. network oracle | 6.8 |
| 2005-09-20 | CVE-2005-2983 | SQL Injection vulnerability in Oracle Reports 1.00 SQL injection vulnerability in Oracle Reports that use Lexical References allows remote attackers to execute arbitrary SQL commands via the values in the parameter form that appears when the paramform parameter is set to yes. | 7.5 |
| 2005-08-23 | CVE-2005-2680 | Security Bypass vulnerability in Oracle Weblogic Portal 8.1 Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP4, when using entitlements, allows remote attackers to bypass access restrictions for the pages of a Book via crafted URLs. | 5.0 |
| 2005-08-16 | CVE-2005-2572 | Remote Code Execution vulnerability in Oracle Mysql 5.0.33 MySQL, when running on Windows, allows remote authenticated users with insert privileges on the mysql.func table to cause a denial of service (server hang) and possibly execute arbitrary code via (1) a request for a non-library file, which causes the Windows LoadLibraryEx function to block, or (2) a request for a function in a library that has the XXX_deinit or XXX_init functions defined but is not tailored for mySQL, such as jpeg1x32.dll and jpeg2x32.dll. network oracle | 8.5 |