Oracle : Security Vulnerabilities, CVEs, Published In 2005 (Directory traversal) CVSS score >= 1
The mysql_create_function function in sql_udf.cc for MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta, when running on Windows, uses an incomplete blacklist in a directory traversal check, which allows attackers to include arbitrary files via the backslash (\) character.
Max CVSS
5.0
EPSS Score
0.59%
Published
2005-08-16
Updated
2019-12-17
Directory traversal vulnerability in Oracle Reports allows remote attackers to read arbitrary files via an absolute or relative path to the (1) CUSTOMIZE or (2) desformat parameters to rwservlet. NOTE: vector 2 is probably the same as CVE-2006-0289, and fixed in Jan 2006 CPU.
Max CVSS
5.0
EPSS Score
4.54%
Published
2005-07-26
Updated
2018-10-19
Directory traversal vulnerability in Oracle Reports 6.0, 6i, 9i, and 10g allows remote attackers to overwrite arbitrary files via (1) "..", (2) Windows drive letter (C:), and (3) absolute path sequences in the desname parameter. NOTE: this issue was probably fixed by REP06 in CPU Jan 2006, in which case it overlaps CVE-2006-0289.
Max CVSS
5.0
EPSS Score
93.29%
Published
2005-07-26
Updated
2018-10-19
Directory traversal vulnerability in Oracle Database Server 8i and 9i allows remote attackers to read or rename arbitrary files via "\\.\\.." (modified dot dot backslash) sequences to UTL_FILE functions such as (1) UTL_FILE.FOPEN or (2) UTL_FILE.frename.
Max CVSS
5.0
EPSS Score
95.36%
Published
2005-03-07
Updated
2016-10-18
4 vulnerabilities found