Vulnerabilities > Oracle > Medium

DATE CVE VULNERABILITY TITLE RISK
2006-04-27 CVE-2006-2081 SQL Injection vulnerability in Oracle 10g DBMS_EXPORT_EXTENSION
Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via the GET_DOMAIN_INDEX_METADATA function in the DBMS_EXPORT_EXTENSION package.
local
low complexity
oracle
4.6
2006-04-20 CVE-2006-1871 SQL Injection vulnerability in Oracle Database Server 10.1.0.5/9.2.0.7
SQL injection vulnerability in Oracle Database Server 9.2.0.7 and 10.1.0.5 allows remote attackers to execute arbitrary SQL commands via the DELETE_FROM_TABLE function in the DBMS_LOGMNR_SESSION (Log Miner) package, aka Vuln# DB06.
network
low complexity
oracle CWE-89
6.5
2006-03-22 CVE-2006-1358 Information Disclosure vulnerability in Oracle Weblogic Portal 8.1
Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes a JSR-168 Portlet to be retrieved from the cache for the wrong session, which might allow one user to see a Portlet of another user.
network
low complexity
oracle
5.0
2006-01-25 CVE-2006-0425 Multiple vulnerability in Oracle Weblogic Portal 8.1
BEA WebLogic Portal 8.1 through SP4 allows remote attackers to obtain the source for a deployment descriptor file via unknown vectors.
network
low complexity
oracle
5.0
2006-01-18 CVE-2006-0275 Multiple vulnerability in Oracle Application Server 9.0.4.2
Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9.0.4.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# REP04.
network
low complexity
oracle
5.0
2006-01-18 CVE-2006-0269 Multiple vulnerability in Oracle January Security Update
Unspecified vulnerability in the Streams Capture component of Oracle Database server 10.1.0.5 and 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB25.
network
low complexity
oracle
5.5
2005-12-28 CVE-2005-4550 Remote vulnerability in Oracle Application Server Discussion Forum Portlet
The PORTAL schema in Oracle Application Server (OracleAS) Discussion Forum Portlet allows remote attackers to obtain the source code for arbitrary JSP and other files via a df_next_page parameter with a trailing null byte (%00).
network
low complexity
oracle
5.0
2005-12-28 CVE-2005-4549 Remote vulnerability in Oracle Application Server Discussion Forum Portlet
Cross-site scripting (XSS) vulnerability in Oracle Application Server (OracleAS) Discussion Forum Portlet allows remote attackers to inject arbitrary web script or HTML via the (1) RowKeyValue parameter in the PORTAL schema; and the (2) title and (3) content input fields when creating a forum article.
network
oracle
4.3
2005-10-14 CVE-2005-3207 Remote Denial Of Service vulnerability in Oracle Forms Servlet TLS Listener
The forms servlet (f90servlet) in Oracle Forms 4.5.10.22 allows remote attackers to cause a denial of service (TNS listener stop) via a userid parameter that contains a STOP command.
network
low complexity
oracle
5.0
2005-10-14 CVE-2005-3206 Remote Denial Of Service vulnerability in Oracle Database Server 9.0.2.4
iSQL*Plus (isqlplus) for Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to cause a denial of service (TNS listener stop) via an HTTP request with an sid parameter that contains a STOP command.
network
low complexity
oracle
5.0