Vulnerabilities > Oracle

DATE CVE VULNERABILITY TITLE RISK
2005-07-18 CVE-2005-2294 Information Disclosure vulnerability in Forms And Reports
Oracle Forms 4.5, 6.0, 6i, and 9i on Unix, when a large number of records are retrieved by an Oracle form, stores a copy of the database tables in a world-readable temporary file, which allows local users to gain sensitive information such as credit card numbers.
local
low complexity
oracle
2.1
2005-07-18 CVE-2005-2293 Incomplete Cleanup vulnerability in Oracle Forms Builder 9.0.4
Oracle Formsbuilder 9.0.4 stores database usernames and passwords in a temporary file, which is not deleted after it is used, which allows local users to obtain sensitive information.
local
low complexity
oracle CWE-459
5.5
2005-07-18 CVE-2005-2292 Information Disclosure vulnerability in Oracle Jdeveloper 10.1.2/9.0.4/9.0.5
Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 stores cleartext passwords in (1) IDEConnections.xml, (2) XSQLConfig.xml and (3) settings.xml, which allows local users to obtain sensitive information.
local
low complexity
oracle
2.1
2005-07-18 CVE-2005-2291 Information Disclosure vulnerability in Oracle Jdeveloper 10.1.2/9.0.4/9.0.5
Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext password as a parameter when starting sqlplus, which allows local users to gain sensitive information.
local
low complexity
oracle
4.6
2005-07-05 CVE-2005-2093 Unspecified vulnerability in Oracle Application Server 9.0.2
Oracle 9i Application Server (Oracle9iAS) 9.0.2 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Application Server to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
network
oracle
4.3
2005-05-24 CVE-2005-1749 Remote vulnerability in BEA WebLogic Server and WebLogic Express
Buffer overflow in BEA WebLogic Server and WebLogic Express 6.1 Service Pack 4 allows remote attackers to cause a denial of service (CPU consumption from thread looping).
network
low complexity
bea oracle
5.0
2005-05-24 CVE-2005-1748 Remote vulnerability in BEA WebLogic Server and WebLogic Express
The embedded LDAP server in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 5, allows remote anonymous binds, which may allow remote attackers to view user entries or cause a denial of service.
network
low complexity
bea oracle
5.0
2005-05-24 CVE-2005-1747 Remote vulnerability in BEA WebLogic Server and WebLogic Express
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 6, allow remote attackers to inject arbitrary web script or HTML, and possibly gain administrative privileges, via the (1) j_username or (2) j_password parameters in the login page (LoginForm.jsp), (3) parameters to the error page in the Administration Console, (4) unknown vectors in the Server Console while the administrator has an active session to obtain the ADMINCONSOLESESSION cookie, or (5) an alternate vector in the Server Console that does not require an active session but also leaks the username and password.
network
bea oracle
6.8
2005-05-24 CVE-2005-1746 Remote vulnerability in BEA WebLogic Server and WebLogic Express
The cluster cookie parsing code in BEA WebLogic Server 7.0 through Service Pack 5 attempts to contact any host or port specified in a cookie, even when it is not in the cluster, which allows remote attackers to cause a denial of service (cluster slowdown) via modified cookies.
network
low complexity
bea oracle
5.0
2005-05-24 CVE-2005-1745 Remote vulnerability in BEA WebLogic Server and WebLogic Express
The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack 3 prints the password to standard output when an incorrect login attempt is made, which could make it easier for attackers to guess the correct password.
local
low complexity
bea oracle
4.6