Oracle : Security Vulnerabilities, CVEs, Published In October 2005
The forms servlet (f90servlet) in Oracle Forms 4.5.10.22 allows remote attackers to cause a denial of service (TNS listener stop) via a userid parameter that contains a STOP command.
Max CVSS
5.0
EPSS Score
5.06%
Published
2005-10-14
Updated
2017-07-11
iSQL*Plus (isqlplus) for Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to cause a denial of service (TNS listener stop) via an HTTP request with an sid parameter that contains a STOP command.
Max CVSS
5.0
EPSS Score
3.63%
Published
2005-10-14
Updated
2017-07-11
Cross-site scripting (XSS) vulnerability in iSQL*Plus (iSQLPlus) in Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to inject arbitrary web script or HTML via script in the "set markup HTML TABLE" command, which is executed when the user selects a table.
Max CVSS
3.5
EPSS Score
0.12%
Published
2005-10-14
Updated
2017-07-11
Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP request.
Max CVSS
4.3
EPSS Score
6.76%
Published
2005-10-14
Updated
2017-07-11
The manual installation of Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 stores the SYS password in install.lst in plaintext, which allows local users to gain privileges.
Max CVSS
4.6
EPSS Score
0.09%
Published
2005-10-14
Updated
2017-07-11
Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 allow remote attackers to inject arbitrary web script or HTML, and subsequently execute SQL statements via the (1) p or (2) p_t02 parameters.
Max CVSS
6.8
EPSS Score
7.92%
Published
2005-10-14
Updated
2017-07-11
6 vulnerabilities found