Vulnerabilities > Oracle > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-10-14 | CVE-2005-3204 | Cross-Site Scripting vulnerability in Oracle Application Server and Oracle9I Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP request. network oracle | 4.3 |
| 2005-10-14 | CVE-2005-3203 | Unspecified vulnerability in Oracle Html DB 1.3/1.3.6 The manual installation of Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 stores the SYS password in install.lst in plaintext, which allows local users to gain privileges. | 4.6 |
| 2005-10-14 | CVE-2005-3202 | Cross-Site Scripting vulnerability in Oracle HTML DB 1.3/1.3.6 Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 allow remote attackers to inject arbitrary web script or HTML, and subsequently execute SQL statements via the (1) p or (2) p_t02 parameters. network oracle | 6.8 |
| 2005-08-23 | CVE-2005-2680 | Security Bypass vulnerability in Oracle Weblogic Portal 8.1 Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP4, when using entitlements, allows remote attackers to bypass access restrictions for the pages of a Book via crafted URLs. | 5.0 |
| 2005-08-16 | CVE-2005-2558 | Buffer Overflow vulnerability in MySQL User-Defined Function Stack-based buffer overflow in the init_syms function in MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta allows remote authenticated users who can create user-defined functions to execute arbitrary code via a long function_name field. | 4.6 |
| 2005-07-26 | CVE-2005-2379 | Cross-Site Scripting vulnerability in Oracle Reports 9.0.2 Multiple cross-site scripting (XSS) vulnerabilities in Oracle Reports 9.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) debug parameter to showenv, (2) test parameter to parsequery, or (3) delimiter or (4) CELLWRAPPER parameter to rwservlet. network oracle | 4.3 |
| 2005-07-26 | CVE-2005-2378 | Path Traversal vulnerability in Oracle Reports Directory traversal vulnerability in Oracle Reports allows remote attackers to read arbitrary files via an absolute or relative path to the (1) CUSTOMIZE or (2) desformat parameters to rwservlet. | 5.0 |
| 2005-07-26 | CVE-2005-2371 | Path Traversal vulnerability in Oracle Reports Directory traversal vulnerability in Oracle Reports 6.0, 6i, 9i, and 10g allows remote attackers to overwrite arbitrary files via (1) "..", (2) Windows drive letter (C:), and (3) absolute path sequences in the desname parameter. | 5.0 |
| 2005-07-18 | CVE-2005-2293 | Incomplete Cleanup vulnerability in Oracle Forms Builder 9.0.4 Oracle Formsbuilder 9.0.4 stores database usernames and passwords in a temporary file, which is not deleted after it is used, which allows local users to obtain sensitive information. | 5.5 |
| 2005-07-18 | CVE-2005-2291 | Information Disclosure vulnerability in Oracle Jdeveloper 10.1.2/9.0.4/9.0.5 Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext password as a parameter when starting sqlplus, which allows local users to gain sensitive information. | 4.6 |