Vulnerabilities > Oracle > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-05-22 | CVE-2006-2505 | SQL Injection vulnerability in Oracle Database Server Release2 Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via a reference to a malicious package in the TYPE_NAME argument in the (1) GET_DOMAIN_INDEX_TABLES or (2) GET_V2_DOMAIN_INDEX_TABLES function in the DBMS_EXPORT_EXTENSION package. | 3.6 |
| 2006-04-11 | CVE-2006-1705 | Unspecified vulnerability in Oracle Oracle10G and Oracle9I Oracle Database 9.2.0.0 to 10.2.0.3 allows local users with "SELECT" privileges for a base table to insert, update, or delete data by creating a crafted view then performing the operations on that view. | 2.1 |
| 2005-10-14 | CVE-2005-3205 | Cross-Site Scripting vulnerability in Oracle Database Server 9.0.2.4 Cross-site scripting (XSS) vulnerability in iSQL*Plus (iSQLPlus) in Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to inject arbitrary web script or HTML via script in the "set markup HTML TABLE" command, which is executed when the user selects a table. | 3.5 |
| 2005-07-18 | CVE-2005-2292 | Information Disclosure vulnerability in Oracle Jdeveloper 10.1.2/9.0.4/9.0.5 Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 stores cleartext passwords in (1) IDEConnections.xml, (2) XSQLConfig.xml and (3) settings.xml, which allows local users to obtain sensitive information. | 2.1 |
| 2005-07-18 | CVE-2005-2294 | Information Disclosure vulnerability in Forms And Reports Oracle Forms 4.5, 6.0, 6i, and 9i on Unix, when a large number of records are retrieved by an Oracle form, stores a copy of the database tables in a world-readable temporary file, which allows local users to gain sensitive information such as credit card numbers. | 2.1 |
| 2005-05-02 | CVE-2005-0711 | Remote vulnerability in MySQL AB MySQL MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack. | 2.1 |
| 2004-06-01 | CVE-2004-0388 | Unspecified vulnerability in Oracle Mysql 5.0.33 The mysqld_multi script in MySQL allows local users to overwrite arbitrary files via a symlink attack. | 2.1 |
| 2004-05-04 | CVE-2004-0381 | mysqlbug in MySQL allows local users to overwrite arbitrary files via a symlink attack on the failed-mysql-bugreport temporary file. | 2.1 |
| 2004-03-30 | CVE-2004-1877 | Authentication Credential Disclosure vulnerability in Oracle Application Server and Http Server The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and password. | 2.6 |
| 2003-10-20 | CVE-2003-0727 | Unspecified vulnerability in Oracle Database Server Multiple buffer overflows in the XML Database (XDB) functionality for Oracle 9i Database Release 2 allow local users to cause a denial of service or hijack user sessions. | 2.1 |