Filtered by vendor Oracle
Subscribe
Total
9592 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3459 | 1 Oracle | 2 Clinical, E-business Suite | 2023-12-10 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle E-Business Suite and Applications 4.5 up to 4.5.1 has unknown impact and attack vectors, as identified by Oracle Vuln# APPS22 in Oracle Clinical. | |||||
| CVE-2005-1636 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2023-12-10 | 4.6 MEDIUM | N/A |
| mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the mysql_install_db.X file with a predictable filename and insecure permissions, which allows local users to execute arbitrary SQL commands by modifying the file's contents. | |||||
| CVE-2005-3448 | 1 Oracle | 1 Application Server | 2023-12-10 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the OC4J Module in Oracle Application Server 9.0 up to 10.1.2.0.2 has unknown impact and attack vectors, as identified by Oracle Vuln# AS01. | |||||
| CVE-2006-3709 | 1 Oracle | 1 Application Server | 2023-12-10 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3, 9.0.3.1, and 10.1.2.0.0 has unknown impact and attack vectors, aka Oracle Vuln# AS04. | |||||
| CVE-2006-3701 | 1 Oracle | 1 Database Server | 2023-12-10 | 9.0 HIGH | N/A |
| Unspecified vulnerability in the Dictionary component in Oracle Database 8.1.7.4, 9.0.1.5, and 9.2.0.6 has unknown impact and attack vectors, aka Oracle Vuln# DB05. | |||||
| CVE-2005-1381 | 1 Oracle | 1 Application Server Web Cache | 2023-12-10 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Oracle Webcache 9i allow remote attackers to inject arbitrary web script or HTML via the (1) cache_dump_file or (2) PartialPageErrorPage parameter. | |||||
| CVE-2005-4550 | 1 Oracle | 1 Application Server Discussion Forum Portlet | 2023-12-10 | 5.0 MEDIUM | N/A |
| The PORTAL schema in Oracle Application Server (OracleAS) Discussion Forum Portlet allows remote attackers to obtain the source code for arbitrary JSP and other files via a df_next_page parameter with a trailing null byte (%00). | |||||
| CVE-2005-1748 | 2 Bea, Oracle | 2 Weblogic Server, Weblogic Portal | 2023-12-10 | 5.0 MEDIUM | N/A |
| The embedded LDAP server in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 5, allows remote anonymous binds, which may allow remote attackers to view user entries or cause a denial of service. | |||||
| CVE-2005-1746 | 2 Bea, Oracle | 2 Weblogic Server, Weblogic Portal | 2023-12-10 | 5.0 MEDIUM | N/A |
| The cluster cookie parsing code in BEA WebLogic Server 7.0 through Service Pack 5 attempts to contact any host or port specified in a cookie, even when it is not in the cluster, which allows remote attackers to cause a denial of service (cluster slowdown) via modified cookies. | |||||
| CVE-2005-2372 | 1 Oracle | 1 Forms | 2023-12-10 | 7.2 HIGH | N/A |
| Oracle Forms 4.5 through 10g starts form executables from arbitrary directories and executes them as the Oracle or System user, which allows attackers to execute arbitrary code by uploading a malicious .fmx file and referencing it using an absolute pathname argument in the (1) form or (2) module parameters to f90servlet. | |||||
| CVE-2005-0298 | 1 Oracle | 1 Database Server | 2023-12-10 | 5.0 MEDIUM | N/A |
| The DIRECTORY objects in Oracle 8i through Oracle 10g contain the location of a specific operating system directory, which allows users with read privileges to a DIRECTORY object to obtain sensitive information. | |||||
| CVE-2005-3452 | 1 Oracle | 1 Application Server | 2023-12-10 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Web Cache in Oracle Application Server 1.0 up to 9.0.4.2 has unknown impact and attack vectors, as identified by Oracle Vuln# AS13. | |||||
| CVE-2005-3203 | 1 Oracle | 1 Html Db | 2023-12-10 | 4.6 MEDIUM | N/A |
| The manual installation of Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 stores the SYS password in install.lst in plaintext, which allows local users to gain privileges. | |||||
| CVE-2006-0260 | 1 Oracle | 1 Database Server | 2023-12-10 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Oracle Database server 9.2.0.7 and 10.1.0.5 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB05 in the (a) Data Pump component; (2) DB15 in the (b) Oracle Text component; (3) DB22 in the (c) Streams Apply component; (4) DB23 and (5) DB24 in the (d) Streams Capture component; and (6) DB26 in the (e) Streams Subcomponent. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that DB05 involves SQL injection in the (f) LONG2VARCHAR, LONG2VCMAX, LONG2VCNT, and LONG2CLOB functions in the DBMS_METADATA_UTIL package; (g) MAKE_FILTER, FETCH_VIEWS_ERROR, FETCH_FILTERS, FETCH_VIEWS, SET_FILTER_COMMON, DO_FILTER_SCRIPT, SET_TABLE_FILTERS, and MAKE_FILTER_TEXT functions in the DBMS_METADATA_INT package; and (h) GET_PREPOST_TABLE_ACT function in the DBMS_METADATA package. | |||||
| CVE-2006-1873 | 1 Oracle | 1 Database Server | 2023-12-10 | 9.0 HIGH | N/A |
| Unspecified vulnerability in Oracle Database Server 9.2.0.7, 10.1.0.4, and 10.2.0.1 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB08. | |||||
| CVE-2005-3446 | 1 Oracle | 2 Application Server, Database Server | 2023-12-10 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Internet Directory in Oracle Database Server 9i up to 9.2.0.6 and Application Server 9.0.2.3 up to 10.1.2.0 has unknown impact and attack vectors, aka Oracle Vuln# DB32 and AS06. | |||||
| CVE-2006-0257 | 1 Oracle | 1 Database Server | 2023-12-10 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Change Data Capture component of Oracle Database server 9.2.0.7, 10.1.0.5, and 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB02. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the CDC_ALLOCATE_LOCK function of the DBMS_CDC_UTILITY package. | |||||
| CVE-2006-0903 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2023-12-10 | 4.6 MEDIUM | N/A |
| MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query. | |||||
| CVE-2005-3462 | 1 Oracle | 1 Peoplesoft Enterprise | 2023-12-10 | 10.0 HIGH | N/A |
| Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.44 up to 8.46.02 has unknown impact and attack vectors, as identified by Oracle Vuln# PSE02. | |||||
| CVE-2005-0711 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2023-12-10 | 2.1 LOW | N/A |
| MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack. | |||||