Vulnerabilities > Oracle > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-08-23 | CVE-2005-2680 | Security Bypass vulnerability in Oracle WebLogic Portal 8.1: Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP4, when using entitlements, allows remote attackers to bypass access restrictions for the pages of a Book via crafted URLs. | 5.0 |
2005-08-16 | CVE-2005-2558 | Buffer Overflow vulnerability in MySQL User-Defined Function: Stack-based buffer overflow in the init_syms function in MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta allows remote authenticated users who can create user-defined functions to execute arbitrary code via a long function_name field. | 4.6 |
2005-07-26 | CVE-2005-2379 | Cross-Site Scripting vulnerability in Oracle Reports 9.0.2: Multiple cross-site scripting (XSS) vulnerabilities in Oracle Reports 9.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) debug parameter to showenv, (2) test parameter to parsequery, or (3) delimiter or (4) CELLWRAPPER parameter to rwservlet. | 4.3 |
2005-07-26 | CVE-2005-2378 | Path Traversal vulnerability in Oracle Reports: Directory traversal vulnerability in Oracle Reports allows remote attackers to read arbitrary files via an absolute or relative path to the (1) CUSTOMIZE or (2) desformat parameters to rwservlet. | 5.0 |
2005-07-26 | CVE-2005-2371 | Path Traversal vulnerability in Oracle Reports: Directory traversal vulnerability in Oracle Reports 6.0, 6i, 9i, and 10g allows remote attackers to overwrite arbitrary files via (1) "..", (2) Windows drive letter (C:), and (3) absolute path sequences in the desname parameter. | 5.0 |
2005-07-18 | CVE-2005-2293 | Incomplete Cleanup vulnerability in Oracle Forms Builder 9.0.4: Oracle Formsbuilder 9.0.4 stores database usernames and passwords in a temporary file, which is not deleted after it is used, which allows local users to obtain sensitive information. | 5.5 |
2005-07-18 | CVE-2005-2291 | Information Disclosure vulnerability in Oracle JDeveloper 10.1.2/9.0.4/9.0.5: Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext password as a parameter when starting sqlplus, which allows local users to gain sensitive information. | 4.6 |
2005-07-05 | CVE-2005-2093 | Unspecified vulnerability in Oracle Application Server 9.0.2: Oracle 9i Application Server (Oracle9iAS) 9.0.2 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Application Server to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | 4.3 |
2005-05-24 | CVE-2005-1749 | Remote vulnerability in BEA WebLogic Server and WebLogic Express: Buffer overflow in BEA WebLogic Server and WebLogic Express 6.1 Service Pack 4 allows remote attackers to cause a denial of service (CPU consumption from thread looping). | 5.0 |
2005-05-24 | CVE-2005-1748 | Remote vulnerability in BEA WebLogic Server and WebLogic Express: The embedded LDAP server in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 5, allows remote anonymous binds, which may allow remote attackers to view user entries or cause a denial of service. | 5.0 |