Vulnerability-Lookup

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

CVE-2006-6703 (GCVE-0-2006-6703)

Vulnerability from nvd – Published: 2006-12-23 01:00 – Updated: 2024-08-07 20:34

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Oracle Portal 9i and 10g allow remote attackers to inject arbitrary JavaScript via the tc parameter in webapp/jsp/container_tabs.jsp, and other unspecified vectors.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/archive/1/455143/100…	mailing-listx_refsource_BUGTRAQ
	http://www.vupen.com/english/advisories/2006/5143	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/bid/21717	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T20:34:00.447Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20061222 Oracle Applications/Portal 9i/10g Cross Site Scripting",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/455143/100/0/threaded"
          },
          {
            "name": "ADV-2006-5143",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/5143"
          },
          {
            "name": "21717",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/21717"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-12-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Oracle Portal 9i and 10g allow remote attackers to inject arbitrary JavaScript via the tc parameter in webapp/jsp/container_tabs.jsp, and other unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20061222 Oracle Applications/Portal 9i/10g Cross Site Scripting",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/455143/100/0/threaded"
        },
        {
          "name": "ADV-2006-5143",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/5143"
        },
        {
          "name": "21717",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/21717"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-6703",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Oracle Portal 9i and 10g allow remote attackers to inject arbitrary JavaScript via the tc parameter in webapp/jsp/container_tabs.jsp, and other unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20061222 Oracle Applications/Portal 9i/10g Cross Site Scripting",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/455143/100/0/threaded"
            },
            {
              "name": "ADV-2006-5143",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/5143"
            },
            {
              "name": "21717",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/21717"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-6703",
    "datePublished": "2006-12-23T01:00:00",
    "dateReserved": "2006-12-22T00:00:00",
    "dateUpdated": "2024-08-07T20:34:00.447Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-1705 (GCVE-0-2006-1705)

Vulnerability from nvd – Published: 2006-04-11 10:00 – Updated: 2024-08-07 17:19

Summary

Oracle Database 9.2.0.0 to 10.2.0.3 allows local users with "SELECT" privileges for a base table to insert, update, or delete data by creating a crafted view then performing the operations on that view.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://lists.grok.org.uk/pipermail/full-disclosur…	mailing-listx_refsource_FULLDISC
	http://www.kb.cert.org/vuls/id/805737	third-party-advisoryx_refsource_CERT-VN
	http://www.red-database-security.com/advisory/ora…	x_refsource_MISC
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://secunia.com/advisories/19574	third-party-advisoryx_refsource_SECUNIA
	http://securitytracker.com/id?1015886	vdb-entryx_refsource_SECTRACK
	http://www.vupen.com/english/advisories/2006/1297	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/bid/17426	vdb-entryx_refsource_BID
	http://www.securityfocus.com/archive/1/430434/100…	mailing-listx_refsource_BUGTRAQ

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:19:49.388Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20060410 Oracle read-only user can insert/update/delete data via specially crafted views",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/044990.html"
          },
          {
            "name": "VU#805737",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/805737"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.red-database-security.com/advisory/oracle_modify_data_via_views.html"
          },
          {
            "name": "oracle-base-table-data-manipulation(25696)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25696"
          },
          {
            "name": "19574",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19574"
          },
          {
            "name": "1015886",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015886"
          },
          {
            "name": "ADV-2006-1297",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/1297"
          },
          {
            "name": "17426",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/17426"
          },
          {
            "name": "20060410 Oracle read-only user can insert/update/delete data via specially crafted views",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/430434/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-04-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Oracle Database 9.2.0.0 to 10.2.0.3 allows local users with \"SELECT\" privileges for a base table to insert, update, or delete data by creating a crafted view then performing the operations on that view."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20060410 Oracle read-only user can insert/update/delete data via specially crafted views",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/044990.html"
        },
        {
          "name": "VU#805737",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/805737"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.red-database-security.com/advisory/oracle_modify_data_via_views.html"
        },
        {
          "name": "oracle-base-table-data-manipulation(25696)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25696"
        },
        {
          "name": "19574",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19574"
        },
        {
          "name": "1015886",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015886"
        },
        {
          "name": "ADV-2006-1297",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/1297"
        },
        {
          "name": "17426",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/17426"
        },
        {
          "name": "20060410 Oracle read-only user can insert/update/delete data via specially crafted views",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/430434/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-1705",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Oracle Database 9.2.0.0 to 10.2.0.3 allows local users with \"SELECT\" privileges for a base table to insert, update, or delete data by creating a crafted view then performing the operations on that view."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20060410 Oracle read-only user can insert/update/delete data via specially crafted views",
              "refsource": "FULLDISC",
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/044990.html"
            },
            {
              "name": "VU#805737",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/805737"
            },
            {
              "name": "http://www.red-database-security.com/advisory/oracle_modify_data_via_views.html",
              "refsource": "MISC",
              "url": "http://www.red-database-security.com/advisory/oracle_modify_data_via_views.html"
            },
            {
              "name": "oracle-base-table-data-manipulation(25696)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25696"
            },
            {
              "name": "19574",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19574"
            },
            {
              "name": "1015886",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015886"
            },
            {
              "name": "ADV-2006-1297",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/1297"
            },
            {
              "name": "17426",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/17426"
            },
            {
              "name": "20060410 Oracle read-only user can insert/update/delete data via specially crafted views",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/430434/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-1705",
    "datePublished": "2006-04-11T10:00:00",
    "dateReserved": "2006-04-10T00:00:00",
    "dateUpdated": "2024-08-07T17:19:49.388Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-0552 (GCVE-0-2006-0552)

Vulnerability from nvd – Published: 2006-02-04 11:00 – Updated: 2024-08-07 16:41

Summary

Unspecified vulnerability in the Net Listener component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, and 9.2.0.7 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB11.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://www.osvdb.org/22549	vdb-entryx_refsource_OSVDB
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://secunia.com/advisories/18493	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2006/0323	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/bid/16287	vdb-entryx_refsource_BID
	http://www.kb.cert.org/vuls/id/545804	third-party-advisoryx_refsource_CERT-VN
	http://securitytracker.com/id?1015499	vdb-entryx_refsource_SECTRACK
	http://www.vupen.com/english/advisories/2006/0243	vdb-entryx_refsource_VUPEN
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://secunia.com/advisories/18608	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:41:28.978Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "22549",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/22549"
          },
          {
            "name": "oracle-january2006-update(24321)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
          },
          {
            "name": "18493",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18493"
          },
          {
            "name": "ADV-2006-0323",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/0323"
          },
          {
            "name": "16287",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/16287"
          },
          {
            "name": "VU#545804",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/545804"
          },
          {
            "name": "1015499",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015499"
          },
          {
            "name": "ADV-2006-0243",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/0243"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
          },
          {
            "name": "18608",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18608"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-01-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the Net Listener component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, and 9.2.0.7 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB11."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "22549",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/22549"
        },
        {
          "name": "oracle-january2006-update(24321)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
        },
        {
          "name": "18493",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18493"
        },
        {
          "name": "ADV-2006-0323",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/0323"
        },
        {
          "name": "16287",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/16287"
        },
        {
          "name": "VU#545804",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/545804"
        },
        {
          "name": "1015499",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015499"
        },
        {
          "name": "ADV-2006-0243",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/0243"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
        },
        {
          "name": "18608",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18608"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-0552",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the Net Listener component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, and 9.2.0.7 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB11."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "22549",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/22549"
            },
            {
              "name": "oracle-january2006-update(24321)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
            },
            {
              "name": "18493",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18493"
            },
            {
              "name": "ADV-2006-0323",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/0323"
            },
            {
              "name": "16287",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/16287"
            },
            {
              "name": "VU#545804",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/545804"
            },
            {
              "name": "1015499",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015499"
            },
            {
              "name": "ADV-2006-0243",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/0243"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
            },
            {
              "name": "18608",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18608"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-0552",
    "datePublished": "2006-02-04T11:00:00",
    "dateReserved": "2006-02-04T00:00:00",
    "dateUpdated": "2024-08-07T16:41:28.978Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-0272 (GCVE-0-2006-0272)

Vulnerability from nvd – Published: 2006-01-18 11:00 – Updated: 2024-08-07 16:25

Summary

Unspecified vulnerability in the XML Database component of Oracle Database server 9.2.0.7 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB29. NOTE: based on mutual credits by the relevant sources, it is highly likely that this issue is a buffer overflow in the (a) DBMS_XMLSCHEMA and (b) DBMS_XMLSCHEMA_INT packages, as exploitable via long arguments to (1) XDB.DBMS_XMLSCHEMA.GENERATESCHEMA or (2) XDB.DBMS_XMLSCHEMA.GENERATESCHEMAS.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://www.integrigy.com/info/IntegrigySecurityAn…	x_refsource_MISC
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.red-database-security.com/advisory/ora…	x_refsource_MISC
	http://archives.neohapsis.com/archives/fulldisclo…	mailing-listx_refsource_FULLDISC
	http://secunia.com/advisories/18493	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2006/0323	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/bid/16287	vdb-entryx_refsource_BID
	http://www.us-cert.gov/cas/techalerts/TA06-018A.html	third-party-advisoryx_refsource_CERT
	http://www.kb.cert.org/vuls/id/545804	third-party-advisoryx_refsource_CERT-VN
	http://securitytracker.com/id?1015499	vdb-entryx_refsource_SECTRACK
	http://www.vupen.com/english/advisories/2006/0243	vdb-entryx_refsource_VUPEN
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://secunia.com/advisories/18608	third-party-advisoryx_refsource_SECUNIA
	http://www.kb.cert.org/vuls/id/891644	third-party-advisoryx_refsource_CERT-VN
	http://www.argeniss.com/research/ARGENISS-ADV-010…	x_refsource_MISC
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:25:34.087Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.integrigy.com/info/IntegrigySecurityAnalysis-CPU0106.pdf"
          },
          {
            "name": "oracle-january2006-update(24321)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html"
          },
          {
            "name": "20060126 [Argeniss] Oracle Database Buffer overflows vulnerabilities in public procedures of XDB.DBMS_XMLSCHEMA{_INT}",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0893.html"
          },
          {
            "name": "18493",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18493"
          },
          {
            "name": "ADV-2006-0323",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/0323"
          },
          {
            "name": "16287",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/16287"
          },
          {
            "name": "TA06-018A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-018A.html"
          },
          {
            "name": "VU#545804",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/545804"
          },
          {
            "name": "1015499",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015499"
          },
          {
            "name": "ADV-2006-0243",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/0243"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
          },
          {
            "name": "18608",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18608"
          },
          {
            "name": "VU#891644",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/891644"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.argeniss.com/research/ARGENISS-ADV-010601.txt"
          },
          {
            "name": "oracle-xdbdbmx-xmlschema-bo(24376)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24376"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-01-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the XML Database component of Oracle Database server 9.2.0.7 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB29.  NOTE: based on mutual credits by the relevant sources, it is highly likely that this issue is a buffer overflow in the (a) DBMS_XMLSCHEMA and (b) DBMS_XMLSCHEMA_INT packages, as exploitable via long arguments to (1) XDB.DBMS_XMLSCHEMA.GENERATESCHEMA or (2) XDB.DBMS_XMLSCHEMA.GENERATESCHEMAS."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.integrigy.com/info/IntegrigySecurityAnalysis-CPU0106.pdf"
        },
        {
          "name": "oracle-january2006-update(24321)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html"
        },
        {
          "name": "20060126 [Argeniss] Oracle Database Buffer overflows vulnerabilities in public procedures of XDB.DBMS_XMLSCHEMA{_INT}",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0893.html"
        },
        {
          "name": "18493",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18493"
        },
        {
          "name": "ADV-2006-0323",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/0323"
        },
        {
          "name": "16287",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/16287"
        },
        {
          "name": "TA06-018A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA06-018A.html"
        },
        {
          "name": "VU#545804",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/545804"
        },
        {
          "name": "1015499",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015499"
        },
        {
          "name": "ADV-2006-0243",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/0243"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
        },
        {
          "name": "18608",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18608"
        },
        {
          "name": "VU#891644",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/891644"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.argeniss.com/research/ARGENISS-ADV-010601.txt"
        },
        {
          "name": "oracle-xdbdbmx-xmlschema-bo(24376)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24376"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-0272",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the XML Database component of Oracle Database server 9.2.0.7 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB29.  NOTE: based on mutual credits by the relevant sources, it is highly likely that this issue is a buffer overflow in the (a) DBMS_XMLSCHEMA and (b) DBMS_XMLSCHEMA_INT packages, as exploitable via long arguments to (1) XDB.DBMS_XMLSCHEMA.GENERATESCHEMA or (2) XDB.DBMS_XMLSCHEMA.GENERATESCHEMAS."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.integrigy.com/info/IntegrigySecurityAnalysis-CPU0106.pdf",
              "refsource": "MISC",
              "url": "http://www.integrigy.com/info/IntegrigySecurityAnalysis-CPU0106.pdf"
            },
            {
              "name": "oracle-january2006-update(24321)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
            },
            {
              "name": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html",
              "refsource": "MISC",
              "url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html"
            },
            {
              "name": "20060126 [Argeniss] Oracle Database Buffer overflows vulnerabilities in public procedures of XDB.DBMS_XMLSCHEMA{_INT}",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0893.html"
            },
            {
              "name": "18493",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18493"
            },
            {
              "name": "ADV-2006-0323",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/0323"
            },
            {
              "name": "16287",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/16287"
            },
            {
              "name": "TA06-018A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-018A.html"
            },
            {
              "name": "VU#545804",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/545804"
            },
            {
              "name": "1015499",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015499"
            },
            {
              "name": "ADV-2006-0243",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/0243"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
            },
            {
              "name": "18608",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18608"
            },
            {
              "name": "VU#891644",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/891644"
            },
            {
              "name": "http://www.argeniss.com/research/ARGENISS-ADV-010601.txt",
              "refsource": "MISC",
              "url": "http://www.argeniss.com/research/ARGENISS-ADV-010601.txt"
            },
            {
              "name": "oracle-xdbdbmx-xmlschema-bo(24376)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24376"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-0272",
    "datePublished": "2006-01-18T11:00:00",
    "dateReserved": "2006-01-18T00:00:00",
    "dateUpdated": "2024-08-07T16:25:34.087Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-0271 (GCVE-0-2006-0271)

Vulnerability from nvd – Published: 2006-01-18 11:00 – Updated: 2024-08-07 16:25

Summary

Unspecified vulnerability in the Upgrade & Downgrade component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB28. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the DBMS_REGISTRY package in certain parameters to the (1) IS_COMPONENT, (2) GET_COMP_OPTION, (3) DISABLE_DDL_TRIGGERS, (4) SCRIPT_EXISTS, (5) COMP_PATH, (6) GATHER_STATS, (7) NOTHING_SCRIPT, and (8) VALIDATE_COMPONENTS functions.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.red-database-security.com/advisory/ora…	x_refsource_MISC
	http://secunia.com/advisories/18493	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2006/0323	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/bid/16287	vdb-entryx_refsource_BID
	http://www.kb.cert.org/vuls/id/545804	third-party-advisoryx_refsource_CERT-VN
	http://www.osvdb.org/22566	vdb-entryx_refsource_OSVDB
	http://securitytracker.com/id?1015499	vdb-entryx_refsource_SECTRACK
	http://www.vupen.com/english/advisories/2006/0243	vdb-entryx_refsource_VUPEN
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://secunia.com/advisories/18608	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:25:34.180Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oracle-january2006-update(24321)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html"
          },
          {
            "name": "18493",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18493"
          },
          {
            "name": "ADV-2006-0323",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/0323"
          },
          {
            "name": "16287",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/16287"
          },
          {
            "name": "VU#545804",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/545804"
          },
          {
            "name": "22566",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/22566"
          },
          {
            "name": "1015499",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015499"
          },
          {
            "name": "ADV-2006-0243",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/0243"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
          },
          {
            "name": "18608",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18608"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-01-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the Upgrade \u0026 Downgrade component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB28.  NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the DBMS_REGISTRY package in certain parameters to the (1) IS_COMPONENT, (2) GET_COMP_OPTION, (3) DISABLE_DDL_TRIGGERS, (4) SCRIPT_EXISTS, (5) COMP_PATH, (6) GATHER_STATS, (7) NOTHING_SCRIPT, and (8) VALIDATE_COMPONENTS functions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "oracle-january2006-update(24321)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html"
        },
        {
          "name": "18493",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18493"
        },
        {
          "name": "ADV-2006-0323",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/0323"
        },
        {
          "name": "16287",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/16287"
        },
        {
          "name": "VU#545804",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/545804"
        },
        {
          "name": "22566",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/22566"
        },
        {
          "name": "1015499",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015499"
        },
        {
          "name": "ADV-2006-0243",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/0243"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
        },
        {
          "name": "18608",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18608"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-0271",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the Upgrade \u0026 Downgrade component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB28.  NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the DBMS_REGISTRY package in certain parameters to the (1) IS_COMPONENT, (2) GET_COMP_OPTION, (3) DISABLE_DDL_TRIGGERS, (4) SCRIPT_EXISTS, (5) COMP_PATH, (6) GATHER_STATS, (7) NOTHING_SCRIPT, and (8) VALIDATE_COMPONENTS functions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oracle-january2006-update(24321)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
            },
            {
              "name": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html",
              "refsource": "MISC",
              "url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html"
            },
            {
              "name": "18493",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18493"
            },
            {
              "name": "ADV-2006-0323",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/0323"
            },
            {
              "name": "16287",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/16287"
            },
            {
              "name": "VU#545804",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/545804"
            },
            {
              "name": "22566",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/22566"
            },
            {
              "name": "1015499",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015499"
            },
            {
              "name": "ADV-2006-0243",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/0243"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
            },
            {
              "name": "18608",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18608"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-0271",
    "datePublished": "2006-01-18T11:00:00",
    "dateReserved": "2006-01-18T00:00:00",
    "dateUpdated": "2024-08-07T16:25:34.180Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-0262 (GCVE-0-2006-0262)

Vulnerability from nvd – Published: 2006-01-18 11:00 – Updated: 2024-08-07 16:25

Summary

Unspecified vulnerability in the Net Foundation Layer component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.6, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB08.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://secunia.com/advisories/18493	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2006/0323	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/bid/16287	vdb-entryx_refsource_BID
	http://www.kb.cert.org/vuls/id/545804	third-party-advisoryx_refsource_CERT-VN
	http://securitytracker.com/id?1015499	vdb-entryx_refsource_SECTRACK
	http://www.vupen.com/english/advisories/2006/0243	vdb-entryx_refsource_VUPEN
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://secunia.com/advisories/18608	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:25:34.063Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oracle-january2006-update(24321)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
          },
          {
            "name": "18493",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18493"
          },
          {
            "name": "ADV-2006-0323",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/0323"
          },
          {
            "name": "16287",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/16287"
          },
          {
            "name": "VU#545804",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/545804"
          },
          {
            "name": "1015499",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015499"
          },
          {
            "name": "ADV-2006-0243",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/0243"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
          },
          {
            "name": "18608",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18608"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-01-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the Net Foundation Layer component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.6, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB08."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "oracle-january2006-update(24321)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
        },
        {
          "name": "18493",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18493"
        },
        {
          "name": "ADV-2006-0323",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/0323"
        },
        {
          "name": "16287",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/16287"
        },
        {
          "name": "VU#545804",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/545804"
        },
        {
          "name": "1015499",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015499"
        },
        {
          "name": "ADV-2006-0243",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/0243"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
        },
        {
          "name": "18608",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18608"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-0262",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the Net Foundation Layer component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.6, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB08."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oracle-january2006-update(24321)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
            },
            {
              "name": "18493",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18493"
            },
            {
              "name": "ADV-2006-0323",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/0323"
            },
            {
              "name": "16287",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/16287"
            },
            {
              "name": "VU#545804",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/545804"
            },
            {
              "name": "1015499",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015499"
            },
            {
              "name": "ADV-2006-0243",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/0243"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
            },
            {
              "name": "18608",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18608"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-0262",
    "datePublished": "2006-01-18T11:00:00",
    "dateReserved": "2006-01-18T00:00:00",
    "dateUpdated": "2024-08-07T16:25:34.063Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-3641 (GCVE-0-2005-3641)

Vulnerability from nvd – Published: 2005-11-16 21:17 – Updated: 2024-09-16 23:11

Summary

Oracle Databases running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication by supplying a valid username.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://www.ngssoftware.com/papers/database-on-xp.pdf	x_refsource_MISC
	http://www.securityfocus.com/bid/15450	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:17:23.439Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.ngssoftware.com/papers/database-on-xp.pdf"
          },
          {
            "name": "15450",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15450"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Oracle Databases running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication by supplying a valid username."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-11-16T21:17:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.ngssoftware.com/papers/database-on-xp.pdf"
        },
        {
          "name": "15450",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15450"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-3641",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Oracle Databases running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication by supplying a valid username."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ngssoftware.com/papers/database-on-xp.pdf",
              "refsource": "MISC",
              "url": "http://www.ngssoftware.com/papers/database-on-xp.pdf"
            },
            {
              "name": "15450",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/15450"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-3641",
    "datePublished": "2005-11-16T21:17:00Z",
    "dateReserved": "2005-11-16T00:00:00Z",
    "dateUpdated": "2024-09-16T23:11:46.098Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-3204 (GCVE-0-2005-3204)

Vulnerability from nvd – Published: 2005-10-14 04:00 – Updated: 2024-08-07 23:01

Summary

Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP request.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://securityreason.com/securityalert/66	third-party-advisoryx_refsource_SREASON
	http://www.securityfocus.com/bid/15034	vdb-entryx_refsource_BID
	http://www.red-database-security.com/advisory/ora…	x_refsource_MISC
	http://secunia.com/advisories/15991/	third-party-advisoryx_refsource_SECUNIA
	http://www.oracle.com/technology/deploy/security/…	x_refsource_MISC
	http://archives.neohapsis.com/archives/fulldisclo…	mailing-listx_refsource_FULLDISC
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://marc.info/?l=bugtraq&m=112870541502542&w=2	mailing-listx_refsource_BUGTRAQ
	http://www.osvdb.org/20054	vdb-entryx_refsource_OSVDB

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:01:58.995Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "66",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/66"
          },
          {
            "name": "15034",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15034"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.red-database-security.com/advisory/oracle_xmldb_css.html"
          },
          {
            "name": "15991",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/15991/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html"
          },
          {
            "name": "20051007 Cross-Site-Scripting Vulnerability in Oracle XMLDB",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0177.html"
          },
          {
            "name": "oracle-xmldb-xss(22541)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22541"
          },
          {
            "name": "20051007 Cross-Site-Scripting Vulnerability in Oracle XMLDB",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=112870541502542\u0026w=2"
          },
          {
            "name": "20054",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/20054"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-07-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "66",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/66"
        },
        {
          "name": "15034",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15034"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.red-database-security.com/advisory/oracle_xmldb_css.html"
        },
        {
          "name": "15991",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/15991/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html"
        },
        {
          "name": "20051007 Cross-Site-Scripting Vulnerability in Oracle XMLDB",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0177.html"
        },
        {
          "name": "oracle-xmldb-xss(22541)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22541"
        },
        {
          "name": "20051007 Cross-Site-Scripting Vulnerability in Oracle XMLDB",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=112870541502542\u0026w=2"
        },
        {
          "name": "20054",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/20054"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-3204",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "66",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/66"
            },
            {
              "name": "15034",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/15034"
            },
            {
              "name": "http://www.red-database-security.com/advisory/oracle_xmldb_css.html",
              "refsource": "MISC",
              "url": "http://www.red-database-security.com/advisory/oracle_xmldb_css.html"
            },
            {
              "name": "15991",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/15991/"
            },
            {
              "name": "http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html",
              "refsource": "MISC",
              "url": "http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html"
            },
            {
              "name": "20051007 Cross-Site-Scripting Vulnerability in Oracle XMLDB",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0177.html"
            },
            {
              "name": "oracle-xmldb-xss(22541)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22541"
            },
            {
              "name": "20051007 Cross-Site-Scripting Vulnerability in Oracle XMLDB",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=112870541502542\u0026w=2"
            },
            {
              "name": "20054",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/20054"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-3204",
    "datePublished": "2005-10-14T04:00:00",
    "dateReserved": "2005-10-14T00:00:00",
    "dateUpdated": "2024-08-07T23:01:58.995Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-1495 (GCVE-0-2005-1495)

Vulnerability from nvd – Published: 2005-05-11 04:00 – Updated: 2024-08-07 21:51

Summary

Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the SYS user executes a SELECT statement on an FGA object, which makes it easier for attackers to escape detection.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/bid/16258	vdb-entryx_refsource_BID
	http://www.kb.cert.org/vuls/id/777773	third-party-advisoryx_refsource_CERT-VN
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.red-database-security.com/advisory/ora…	x_refsource_MISC
	http://marc.info/?l=bugtraq&m=111531683824209&w=2	mailing-listx_refsource_BUGTRAQ

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T21:51:50.392Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "16258",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/16258"
          },
          {
            "name": "VU#777773",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/777773"
          },
          {
            "name": "oracle-audit-data-manipulation(20407)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20407"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.red-database-security.com/advisory/oracle-fine-grained-auditing-issue.html"
          },
          {
            "name": "20050505 Oracle 9i / 10g Fine Grained Auditing Issue",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=111531683824209\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-05-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the SYS user executes a SELECT statement on an FGA object, which makes it easier for attackers to escape detection."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "16258",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/16258"
        },
        {
          "name": "VU#777773",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/777773"
        },
        {
          "name": "oracle-audit-data-manipulation(20407)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20407"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.red-database-security.com/advisory/oracle-fine-grained-auditing-issue.html"
        },
        {
          "name": "20050505 Oracle 9i / 10g Fine Grained Auditing Issue",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=111531683824209\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-1495",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the SYS user executes a SELECT statement on an FGA object, which makes it easier for attackers to escape detection."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "16258",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/16258"
            },
            {
              "name": "VU#777773",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/777773"
            },
            {
              "name": "oracle-audit-data-manipulation(20407)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20407"
            },
            {
              "name": "http://www.red-database-security.com/advisory/oracle-fine-grained-auditing-issue.html",
              "refsource": "MISC",
              "url": "http://www.red-database-security.com/advisory/oracle-fine-grained-auditing-issue.html"
            },
            {
              "name": "20050505 Oracle 9i / 10g Fine Grained Auditing Issue",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=111531683824209\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-1495",
    "datePublished": "2005-05-11T04:00:00",
    "dateReserved": "2005-05-11T00:00:00",
    "dateUpdated": "2024-08-07T21:51:50.392Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-6703 (GCVE-0-2006-6703)

Vulnerability from cvelistv5 – Published: 2006-12-23 01:00 – Updated: 2024-08-07 20:34

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Oracle Portal 9i and 10g allow remote attackers to inject arbitrary JavaScript via the tc parameter in webapp/jsp/container_tabs.jsp, and other unspecified vectors.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/archive/1/455143/100…	mailing-listx_refsource_BUGTRAQ
	http://www.vupen.com/english/advisories/2006/5143	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/bid/21717	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T20:34:00.447Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20061222 Oracle Applications/Portal 9i/10g Cross Site Scripting",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/455143/100/0/threaded"
          },
          {
            "name": "ADV-2006-5143",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/5143"
          },
          {
            "name": "21717",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/21717"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-12-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Oracle Portal 9i and 10g allow remote attackers to inject arbitrary JavaScript via the tc parameter in webapp/jsp/container_tabs.jsp, and other unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20061222 Oracle Applications/Portal 9i/10g Cross Site Scripting",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/455143/100/0/threaded"
        },
        {
          "name": "ADV-2006-5143",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/5143"
        },
        {
          "name": "21717",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/21717"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-6703",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Oracle Portal 9i and 10g allow remote attackers to inject arbitrary JavaScript via the tc parameter in webapp/jsp/container_tabs.jsp, and other unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20061222 Oracle Applications/Portal 9i/10g Cross Site Scripting",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/455143/100/0/threaded"
            },
            {
              "name": "ADV-2006-5143",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/5143"
            },
            {
              "name": "21717",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/21717"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-6703",
    "datePublished": "2006-12-23T01:00:00",
    "dateReserved": "2006-12-22T00:00:00",
    "dateUpdated": "2024-08-07T20:34:00.447Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-1705 (GCVE-0-2006-1705)

Vulnerability from cvelistv5 – Published: 2006-04-11 10:00 – Updated: 2024-08-07 17:19

Summary

Oracle Database 9.2.0.0 to 10.2.0.3 allows local users with "SELECT" privileges for a base table to insert, update, or delete data by creating a crafted view then performing the operations on that view.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://lists.grok.org.uk/pipermail/full-disclosur…	mailing-listx_refsource_FULLDISC
	http://www.kb.cert.org/vuls/id/805737	third-party-advisoryx_refsource_CERT-VN
	http://www.red-database-security.com/advisory/ora…	x_refsource_MISC
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://secunia.com/advisories/19574	third-party-advisoryx_refsource_SECUNIA
	http://securitytracker.com/id?1015886	vdb-entryx_refsource_SECTRACK
	http://www.vupen.com/english/advisories/2006/1297	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/bid/17426	vdb-entryx_refsource_BID
	http://www.securityfocus.com/archive/1/430434/100…	mailing-listx_refsource_BUGTRAQ

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:19:49.388Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20060410 Oracle read-only user can insert/update/delete data via specially crafted views",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/044990.html"
          },
          {
            "name": "VU#805737",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/805737"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.red-database-security.com/advisory/oracle_modify_data_via_views.html"
          },
          {
            "name": "oracle-base-table-data-manipulation(25696)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25696"
          },
          {
            "name": "19574",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19574"
          },
          {
            "name": "1015886",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015886"
          },
          {
            "name": "ADV-2006-1297",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/1297"
          },
          {
            "name": "17426",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/17426"
          },
          {
            "name": "20060410 Oracle read-only user can insert/update/delete data via specially crafted views",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/430434/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-04-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Oracle Database 9.2.0.0 to 10.2.0.3 allows local users with \"SELECT\" privileges for a base table to insert, update, or delete data by creating a crafted view then performing the operations on that view."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20060410 Oracle read-only user can insert/update/delete data via specially crafted views",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/044990.html"
        },
        {
          "name": "VU#805737",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/805737"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.red-database-security.com/advisory/oracle_modify_data_via_views.html"
        },
        {
          "name": "oracle-base-table-data-manipulation(25696)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25696"
        },
        {
          "name": "19574",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19574"
        },
        {
          "name": "1015886",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015886"
        },
        {
          "name": "ADV-2006-1297",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/1297"
        },
        {
          "name": "17426",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/17426"
        },
        {
          "name": "20060410 Oracle read-only user can insert/update/delete data via specially crafted views",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/430434/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-1705",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Oracle Database 9.2.0.0 to 10.2.0.3 allows local users with \"SELECT\" privileges for a base table to insert, update, or delete data by creating a crafted view then performing the operations on that view."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20060410 Oracle read-only user can insert/update/delete data via specially crafted views",
              "refsource": "FULLDISC",
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/044990.html"
            },
            {
              "name": "VU#805737",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/805737"
            },
            {
              "name": "http://www.red-database-security.com/advisory/oracle_modify_data_via_views.html",
              "refsource": "MISC",
              "url": "http://www.red-database-security.com/advisory/oracle_modify_data_via_views.html"
            },
            {
              "name": "oracle-base-table-data-manipulation(25696)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25696"
            },
            {
              "name": "19574",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19574"
            },
            {
              "name": "1015886",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015886"
            },
            {
              "name": "ADV-2006-1297",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/1297"
            },
            {
              "name": "17426",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/17426"
            },
            {
              "name": "20060410 Oracle read-only user can insert/update/delete data via specially crafted views",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/430434/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-1705",
    "datePublished": "2006-04-11T10:00:00",
    "dateReserved": "2006-04-10T00:00:00",
    "dateUpdated": "2024-08-07T17:19:49.388Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-0552 (GCVE-0-2006-0552)

Vulnerability from cvelistv5 – Published: 2006-02-04 11:00 – Updated: 2024-08-07 16:41

Summary

Unspecified vulnerability in the Net Listener component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, and 9.2.0.7 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB11.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://www.osvdb.org/22549	vdb-entryx_refsource_OSVDB
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://secunia.com/advisories/18493	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2006/0323	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/bid/16287	vdb-entryx_refsource_BID
	http://www.kb.cert.org/vuls/id/545804	third-party-advisoryx_refsource_CERT-VN
	http://securitytracker.com/id?1015499	vdb-entryx_refsource_SECTRACK
	http://www.vupen.com/english/advisories/2006/0243	vdb-entryx_refsource_VUPEN
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://secunia.com/advisories/18608	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:41:28.978Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "22549",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/22549"
          },
          {
            "name": "oracle-january2006-update(24321)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
          },
          {
            "name": "18493",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18493"
          },
          {
            "name": "ADV-2006-0323",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/0323"
          },
          {
            "name": "16287",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/16287"
          },
          {
            "name": "VU#545804",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/545804"
          },
          {
            "name": "1015499",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015499"
          },
          {
            "name": "ADV-2006-0243",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/0243"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
          },
          {
            "name": "18608",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18608"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-01-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the Net Listener component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, and 9.2.0.7 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB11."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "22549",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/22549"
        },
        {
          "name": "oracle-january2006-update(24321)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
        },
        {
          "name": "18493",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18493"
        },
        {
          "name": "ADV-2006-0323",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/0323"
        },
        {
          "name": "16287",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/16287"
        },
        {
          "name": "VU#545804",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/545804"
        },
        {
          "name": "1015499",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015499"
        },
        {
          "name": "ADV-2006-0243",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/0243"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
        },
        {
          "name": "18608",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18608"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-0552",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the Net Listener component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, and 9.2.0.7 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB11."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "22549",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/22549"
            },
            {
              "name": "oracle-january2006-update(24321)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
            },
            {
              "name": "18493",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18493"
            },
            {
              "name": "ADV-2006-0323",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/0323"
            },
            {
              "name": "16287",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/16287"
            },
            {
              "name": "VU#545804",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/545804"
            },
            {
              "name": "1015499",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015499"
            },
            {
              "name": "ADV-2006-0243",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/0243"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
            },
            {
              "name": "18608",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18608"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-0552",
    "datePublished": "2006-02-04T11:00:00",
    "dateReserved": "2006-02-04T00:00:00",
    "dateUpdated": "2024-08-07T16:41:28.978Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-0272 (GCVE-0-2006-0272)

Vulnerability from cvelistv5 – Published: 2006-01-18 11:00 – Updated: 2024-08-07 16:25

Summary

Unspecified vulnerability in the XML Database component of Oracle Database server 9.2.0.7 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB29. NOTE: based on mutual credits by the relevant sources, it is highly likely that this issue is a buffer overflow in the (a) DBMS_XMLSCHEMA and (b) DBMS_XMLSCHEMA_INT packages, as exploitable via long arguments to (1) XDB.DBMS_XMLSCHEMA.GENERATESCHEMA or (2) XDB.DBMS_XMLSCHEMA.GENERATESCHEMAS.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://www.integrigy.com/info/IntegrigySecurityAn…	x_refsource_MISC
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.red-database-security.com/advisory/ora…	x_refsource_MISC
	http://archives.neohapsis.com/archives/fulldisclo…	mailing-listx_refsource_FULLDISC
	http://secunia.com/advisories/18493	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2006/0323	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/bid/16287	vdb-entryx_refsource_BID
	http://www.us-cert.gov/cas/techalerts/TA06-018A.html	third-party-advisoryx_refsource_CERT
	http://www.kb.cert.org/vuls/id/545804	third-party-advisoryx_refsource_CERT-VN
	http://securitytracker.com/id?1015499	vdb-entryx_refsource_SECTRACK
	http://www.vupen.com/english/advisories/2006/0243	vdb-entryx_refsource_VUPEN
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://secunia.com/advisories/18608	third-party-advisoryx_refsource_SECUNIA
	http://www.kb.cert.org/vuls/id/891644	third-party-advisoryx_refsource_CERT-VN
	http://www.argeniss.com/research/ARGENISS-ADV-010…	x_refsource_MISC
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:25:34.087Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.integrigy.com/info/IntegrigySecurityAnalysis-CPU0106.pdf"
          },
          {
            "name": "oracle-january2006-update(24321)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html"
          },
          {
            "name": "20060126 [Argeniss] Oracle Database Buffer overflows vulnerabilities in public procedures of XDB.DBMS_XMLSCHEMA{_INT}",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0893.html"
          },
          {
            "name": "18493",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18493"
          },
          {
            "name": "ADV-2006-0323",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/0323"
          },
          {
            "name": "16287",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/16287"
          },
          {
            "name": "TA06-018A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-018A.html"
          },
          {
            "name": "VU#545804",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/545804"
          },
          {
            "name": "1015499",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015499"
          },
          {
            "name": "ADV-2006-0243",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/0243"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
          },
          {
            "name": "18608",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18608"
          },
          {
            "name": "VU#891644",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/891644"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.argeniss.com/research/ARGENISS-ADV-010601.txt"
          },
          {
            "name": "oracle-xdbdbmx-xmlschema-bo(24376)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24376"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-01-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the XML Database component of Oracle Database server 9.2.0.7 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB29.  NOTE: based on mutual credits by the relevant sources, it is highly likely that this issue is a buffer overflow in the (a) DBMS_XMLSCHEMA and (b) DBMS_XMLSCHEMA_INT packages, as exploitable via long arguments to (1) XDB.DBMS_XMLSCHEMA.GENERATESCHEMA or (2) XDB.DBMS_XMLSCHEMA.GENERATESCHEMAS."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.integrigy.com/info/IntegrigySecurityAnalysis-CPU0106.pdf"
        },
        {
          "name": "oracle-january2006-update(24321)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html"
        },
        {
          "name": "20060126 [Argeniss] Oracle Database Buffer overflows vulnerabilities in public procedures of XDB.DBMS_XMLSCHEMA{_INT}",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0893.html"
        },
        {
          "name": "18493",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18493"
        },
        {
          "name": "ADV-2006-0323",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/0323"
        },
        {
          "name": "16287",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/16287"
        },
        {
          "name": "TA06-018A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA06-018A.html"
        },
        {
          "name": "VU#545804",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/545804"
        },
        {
          "name": "1015499",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015499"
        },
        {
          "name": "ADV-2006-0243",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/0243"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
        },
        {
          "name": "18608",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18608"
        },
        {
          "name": "VU#891644",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/891644"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.argeniss.com/research/ARGENISS-ADV-010601.txt"
        },
        {
          "name": "oracle-xdbdbmx-xmlschema-bo(24376)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24376"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-0272",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the XML Database component of Oracle Database server 9.2.0.7 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB29.  NOTE: based on mutual credits by the relevant sources, it is highly likely that this issue is a buffer overflow in the (a) DBMS_XMLSCHEMA and (b) DBMS_XMLSCHEMA_INT packages, as exploitable via long arguments to (1) XDB.DBMS_XMLSCHEMA.GENERATESCHEMA or (2) XDB.DBMS_XMLSCHEMA.GENERATESCHEMAS."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.integrigy.com/info/IntegrigySecurityAnalysis-CPU0106.pdf",
              "refsource": "MISC",
              "url": "http://www.integrigy.com/info/IntegrigySecurityAnalysis-CPU0106.pdf"
            },
            {
              "name": "oracle-january2006-update(24321)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
            },
            {
              "name": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html",
              "refsource": "MISC",
              "url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html"
            },
            {
              "name": "20060126 [Argeniss] Oracle Database Buffer overflows vulnerabilities in public procedures of XDB.DBMS_XMLSCHEMA{_INT}",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0893.html"
            },
            {
              "name": "18493",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18493"
            },
            {
              "name": "ADV-2006-0323",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/0323"
            },
            {
              "name": "16287",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/16287"
            },
            {
              "name": "TA06-018A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-018A.html"
            },
            {
              "name": "VU#545804",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/545804"
            },
            {
              "name": "1015499",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015499"
            },
            {
              "name": "ADV-2006-0243",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/0243"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
            },
            {
              "name": "18608",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18608"
            },
            {
              "name": "VU#891644",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/891644"
            },
            {
              "name": "http://www.argeniss.com/research/ARGENISS-ADV-010601.txt",
              "refsource": "MISC",
              "url": "http://www.argeniss.com/research/ARGENISS-ADV-010601.txt"
            },
            {
              "name": "oracle-xdbdbmx-xmlschema-bo(24376)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24376"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-0272",
    "datePublished": "2006-01-18T11:00:00",
    "dateReserved": "2006-01-18T00:00:00",
    "dateUpdated": "2024-08-07T16:25:34.087Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-0271 (GCVE-0-2006-0271)

Vulnerability from cvelistv5 – Published: 2006-01-18 11:00 – Updated: 2024-08-07 16:25

Summary

Unspecified vulnerability in the Upgrade & Downgrade component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB28. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the DBMS_REGISTRY package in certain parameters to the (1) IS_COMPONENT, (2) GET_COMP_OPTION, (3) DISABLE_DDL_TRIGGERS, (4) SCRIPT_EXISTS, (5) COMP_PATH, (6) GATHER_STATS, (7) NOTHING_SCRIPT, and (8) VALIDATE_COMPONENTS functions.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.red-database-security.com/advisory/ora…	x_refsource_MISC
	http://secunia.com/advisories/18493	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2006/0323	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/bid/16287	vdb-entryx_refsource_BID
	http://www.kb.cert.org/vuls/id/545804	third-party-advisoryx_refsource_CERT-VN
	http://www.osvdb.org/22566	vdb-entryx_refsource_OSVDB
	http://securitytracker.com/id?1015499	vdb-entryx_refsource_SECTRACK
	http://www.vupen.com/english/advisories/2006/0243	vdb-entryx_refsource_VUPEN
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://secunia.com/advisories/18608	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:25:34.180Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oracle-january2006-update(24321)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html"
          },
          {
            "name": "18493",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18493"
          },
          {
            "name": "ADV-2006-0323",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/0323"
          },
          {
            "name": "16287",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/16287"
          },
          {
            "name": "VU#545804",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/545804"
          },
          {
            "name": "22566",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/22566"
          },
          {
            "name": "1015499",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015499"
          },
          {
            "name": "ADV-2006-0243",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/0243"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
          },
          {
            "name": "18608",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18608"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-01-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the Upgrade \u0026 Downgrade component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB28.  NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the DBMS_REGISTRY package in certain parameters to the (1) IS_COMPONENT, (2) GET_COMP_OPTION, (3) DISABLE_DDL_TRIGGERS, (4) SCRIPT_EXISTS, (5) COMP_PATH, (6) GATHER_STATS, (7) NOTHING_SCRIPT, and (8) VALIDATE_COMPONENTS functions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "oracle-january2006-update(24321)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html"
        },
        {
          "name": "18493",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18493"
        },
        {
          "name": "ADV-2006-0323",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/0323"
        },
        {
          "name": "16287",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/16287"
        },
        {
          "name": "VU#545804",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/545804"
        },
        {
          "name": "22566",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/22566"
        },
        {
          "name": "1015499",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015499"
        },
        {
          "name": "ADV-2006-0243",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/0243"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
        },
        {
          "name": "18608",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18608"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-0271",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the Upgrade \u0026 Downgrade component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB28.  NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the DBMS_REGISTRY package in certain parameters to the (1) IS_COMPONENT, (2) GET_COMP_OPTION, (3) DISABLE_DDL_TRIGGERS, (4) SCRIPT_EXISTS, (5) COMP_PATH, (6) GATHER_STATS, (7) NOTHING_SCRIPT, and (8) VALIDATE_COMPONENTS functions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oracle-january2006-update(24321)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
            },
            {
              "name": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html",
              "refsource": "MISC",
              "url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html"
            },
            {
              "name": "18493",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18493"
            },
            {
              "name": "ADV-2006-0323",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/0323"
            },
            {
              "name": "16287",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/16287"
            },
            {
              "name": "VU#545804",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/545804"
            },
            {
              "name": "22566",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/22566"
            },
            {
              "name": "1015499",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015499"
            },
            {
              "name": "ADV-2006-0243",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/0243"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
            },
            {
              "name": "18608",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18608"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-0271",
    "datePublished": "2006-01-18T11:00:00",
    "dateReserved": "2006-01-18T00:00:00",
    "dateUpdated": "2024-08-07T16:25:34.180Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-0262 (GCVE-0-2006-0262)

Vulnerability from cvelistv5 – Published: 2006-01-18 11:00 – Updated: 2024-08-07 16:25

Summary

Unspecified vulnerability in the Net Foundation Layer component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.6, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB08.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://secunia.com/advisories/18493	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2006/0323	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/bid/16287	vdb-entryx_refsource_BID
	http://www.kb.cert.org/vuls/id/545804	third-party-advisoryx_refsource_CERT-VN
	http://securitytracker.com/id?1015499	vdb-entryx_refsource_SECTRACK
	http://www.vupen.com/english/advisories/2006/0243	vdb-entryx_refsource_VUPEN
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://secunia.com/advisories/18608	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:25:34.063Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oracle-january2006-update(24321)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
          },
          {
            "name": "18493",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18493"
          },
          {
            "name": "ADV-2006-0323",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/0323"
          },
          {
            "name": "16287",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/16287"
          },
          {
            "name": "VU#545804",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/545804"
          },
          {
            "name": "1015499",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015499"
          },
          {
            "name": "ADV-2006-0243",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/0243"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
          },
          {
            "name": "18608",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18608"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-01-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the Net Foundation Layer component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.6, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB08."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "oracle-january2006-update(24321)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
        },
        {
          "name": "18493",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18493"
        },
        {
          "name": "ADV-2006-0323",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/0323"
        },
        {
          "name": "16287",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/16287"
        },
        {
          "name": "VU#545804",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/545804"
        },
        {
          "name": "1015499",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015499"
        },
        {
          "name": "ADV-2006-0243",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/0243"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
        },
        {
          "name": "18608",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18608"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-0262",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the Net Foundation Layer component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.6, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB08."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oracle-january2006-update(24321)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
            },
            {
              "name": "18493",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18493"
            },
            {
              "name": "ADV-2006-0323",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/0323"
            },
            {
              "name": "16287",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/16287"
            },
            {
              "name": "VU#545804",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/545804"
            },
            {
              "name": "1015499",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015499"
            },
            {
              "name": "ADV-2006-0243",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/0243"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
            },
            {
              "name": "18608",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18608"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-0262",
    "datePublished": "2006-01-18T11:00:00",
    "dateReserved": "2006-01-18T00:00:00",
    "dateUpdated": "2024-08-07T16:25:34.063Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-3641 (GCVE-0-2005-3641)

Vulnerability from cvelistv5 – Published: 2005-11-16 21:17 – Updated: 2024-09-16 23:11

Summary

Oracle Databases running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication by supplying a valid username.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://www.ngssoftware.com/papers/database-on-xp.pdf	x_refsource_MISC
	http://www.securityfocus.com/bid/15450	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:17:23.439Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.ngssoftware.com/papers/database-on-xp.pdf"
          },
          {
            "name": "15450",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15450"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Oracle Databases running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication by supplying a valid username."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-11-16T21:17:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.ngssoftware.com/papers/database-on-xp.pdf"
        },
        {
          "name": "15450",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15450"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-3641",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Oracle Databases running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication by supplying a valid username."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ngssoftware.com/papers/database-on-xp.pdf",
              "refsource": "MISC",
              "url": "http://www.ngssoftware.com/papers/database-on-xp.pdf"
            },
            {
              "name": "15450",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/15450"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-3641",
    "datePublished": "2005-11-16T21:17:00Z",
    "dateReserved": "2005-11-16T00:00:00Z",
    "dateUpdated": "2024-09-16T23:11:46.098Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-3204 (GCVE-0-2005-3204)

Vulnerability from cvelistv5 – Published: 2005-10-14 04:00 – Updated: 2024-08-07 23:01

Summary

Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP request.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://securityreason.com/securityalert/66	third-party-advisoryx_refsource_SREASON
	http://www.securityfocus.com/bid/15034	vdb-entryx_refsource_BID
	http://www.red-database-security.com/advisory/ora…	x_refsource_MISC
	http://secunia.com/advisories/15991/	third-party-advisoryx_refsource_SECUNIA
	http://www.oracle.com/technology/deploy/security/…	x_refsource_MISC
	http://archives.neohapsis.com/archives/fulldisclo…	mailing-listx_refsource_FULLDISC
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://marc.info/?l=bugtraq&m=112870541502542&w=2	mailing-listx_refsource_BUGTRAQ
	http://www.osvdb.org/20054	vdb-entryx_refsource_OSVDB

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:01:58.995Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "66",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/66"
          },
          {
            "name": "15034",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15034"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.red-database-security.com/advisory/oracle_xmldb_css.html"
          },
          {
            "name": "15991",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/15991/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html"
          },
          {
            "name": "20051007 Cross-Site-Scripting Vulnerability in Oracle XMLDB",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0177.html"
          },
          {
            "name": "oracle-xmldb-xss(22541)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22541"
          },
          {
            "name": "20051007 Cross-Site-Scripting Vulnerability in Oracle XMLDB",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=112870541502542\u0026w=2"
          },
          {
            "name": "20054",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/20054"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-07-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "66",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/66"
        },
        {
          "name": "15034",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15034"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.red-database-security.com/advisory/oracle_xmldb_css.html"
        },
        {
          "name": "15991",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/15991/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html"
        },
        {
          "name": "20051007 Cross-Site-Scripting Vulnerability in Oracle XMLDB",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0177.html"
        },
        {
          "name": "oracle-xmldb-xss(22541)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22541"
        },
        {
          "name": "20051007 Cross-Site-Scripting Vulnerability in Oracle XMLDB",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=112870541502542\u0026w=2"
        },
        {
          "name": "20054",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/20054"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-3204",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "66",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/66"
            },
            {
              "name": "15034",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/15034"
            },
            {
              "name": "http://www.red-database-security.com/advisory/oracle_xmldb_css.html",
              "refsource": "MISC",
              "url": "http://www.red-database-security.com/advisory/oracle_xmldb_css.html"
            },
            {
              "name": "15991",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/15991/"
            },
            {
              "name": "http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html",
              "refsource": "MISC",
              "url": "http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html"
            },
            {
              "name": "20051007 Cross-Site-Scripting Vulnerability in Oracle XMLDB",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0177.html"
            },
            {
              "name": "oracle-xmldb-xss(22541)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22541"
            },
            {
              "name": "20051007 Cross-Site-Scripting Vulnerability in Oracle XMLDB",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=112870541502542\u0026w=2"
            },
            {
              "name": "20054",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/20054"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-3204",
    "datePublished": "2005-10-14T04:00:00",
    "dateReserved": "2005-10-14T00:00:00",
    "dateUpdated": "2024-08-07T23:01:58.995Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2004-2244 (GCVE-0-2004-2244)

Vulnerability from cvelistv5 – Published: 2005-07-17 04:00 – Updated: 2024-08-08 01:22

Summary

The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and 9.0.3.1, 9.0.2.3 and earlier, and Release 1 1.0.2.2 and 1.0.2.2.2, and Database Server Release 2 9.2.0.1 and later, allows remote attackers to cause a denial of service (CPU and memory consumption) via a SOAP message containing a crafted DTD.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://secunia.com/advisories/10936	third-party-advisoryx_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://otn.oracle.com/deploy/security/pdf/2004ale…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/9703	vdb-entryx_refsource_BID
	http://www.osvdb.org/4011	vdb-entryx_refsource_OSVDB

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:22:12.715Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "10936",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/10936"
          },
          {
            "name": "oracle-soap-dos(15270)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15270"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://otn.oracle.com/deploy/security/pdf/2004alert65.pdf"
          },
          {
            "name": "9703",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/9703"
          },
          {
            "name": "4011",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/4011"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-02-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and 9.0.3.1, 9.0.2.3 and earlier, and Release 1 1.0.2.2 and 1.0.2.2.2, and Database Server Release 2 9.2.0.1 and later, allows remote attackers to cause a denial of service (CPU and memory consumption) via a SOAP message containing a crafted DTD."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "10936",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/10936"
        },
        {
          "name": "oracle-soap-dos(15270)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15270"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://otn.oracle.com/deploy/security/pdf/2004alert65.pdf"
        },
        {
          "name": "9703",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/9703"
        },
        {
          "name": "4011",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/4011"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-2244",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and 9.0.3.1, 9.0.2.3 and earlier, and Release 1 1.0.2.2 and 1.0.2.2.2, and Database Server Release 2 9.2.0.1 and later, allows remote attackers to cause a denial of service (CPU and memory consumption) via a SOAP message containing a crafted DTD."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "10936",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/10936"
            },
            {
              "name": "oracle-soap-dos(15270)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15270"
            },
            {
              "name": "http://otn.oracle.com/deploy/security/pdf/2004alert65.pdf",
              "refsource": "CONFIRM",
              "url": "http://otn.oracle.com/deploy/security/pdf/2004alert65.pdf"
            },
            {
              "name": "9703",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/9703"
            },
            {
              "name": "4011",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/4011"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-2244",
    "datePublished": "2005-07-17T04:00:00",
    "dateReserved": "2005-07-17T00:00:00",
    "dateUpdated": "2024-08-08T01:22:12.715Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2003-1208 (GCVE-0-2003-1208)

Vulnerability from cvelistv5 – Published: 2005-05-19 04:00 – Updated: 2024-08-08 02:19

Summary

Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow local users to execute arbitrary code by (1) setting the TIME_ZONE session parameter to a long value, or providing long parameters to the (2) NUMTOYMINTERVAL, (3) NUMTODSINTERVAL or (4) FROM_TZ functions.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.kb.cert.org/vuls/id/399806	third-party-advisoryx_refsource_CERT-VN
	http://www.osvdb.org/3840	vdb-entryx_refsource_OSVDB
	http://www.ciac.org/ciac/bulletins/o-093.shtml	third-party-advisorygovernment-resourcex_refsource_CIAC
	http://secunia.com/advisories/10805	third-party-advisoryx_refsource_SECUNIA
	http://www.kb.cert.org/vuls/id/819126	third-party-advisoryx_refsource_CERT-VN
	http://www.osvdb.org/3838	vdb-entryx_refsource_OSVDB
	http://www.kb.cert.org/vuls/id/240174	third-party-advisoryx_refsource_CERT-VN
	http://archives.neohapsis.com/archives/vulnwatch/…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/bid/9587	vdb-entryx_refsource_BID
	http://www.osvdb.org/3839	vdb-entryx_refsource_OSVDB
	http://www.kb.cert.org/vuls/id/846582	third-party-advisoryx_refsource_CERT-VN
	http://www.osvdb.org/3837	vdb-entryx_refsource_OSVDB
	http://www.nextgenss.com/advisories/ora_numtodsin…	x_refsource_MISC
	http://www.nextgenss.com/advisories/ora_from_tz.txt	x_refsource_MISC
	http://www.nextgenss.com/advisories/ora_numtoymin…	x_refsource_MISC
	http://www.nextgenss.com/advisories/ora_time_zone.txt	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:19:46.087Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oracle-multiple-function-bo(15060)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15060"
          },
          {
            "name": "VU#399806",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/399806"
          },
          {
            "name": "3840",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/3840"
          },
          {
            "name": "O-093",
            "tags": [
              "third-party-advisory",
              "government-resource",
              "x_refsource_CIAC",
              "x_transferred"
            ],
            "url": "http://www.ciac.org/ciac/bulletins/o-093.shtml"
          },
          {
            "name": "10805",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/10805"
          },
          {
            "name": "VU#819126",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/819126"
          },
          {
            "name": "3838",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/3838"
          },
          {
            "name": "VU#240174",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/240174"
          },
          {
            "name": "20040205 Oracle Database 9ir2 Interval Conversion Functions Buffer Overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0030.html"
          },
          {
            "name": "9587",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/9587"
          },
          {
            "name": "3839",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/3839"
          },
          {
            "name": "VU#846582",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/846582"
          },
          {
            "name": "3837",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/3837"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.nextgenss.com/advisories/ora_numtodsinterval.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.nextgenss.com/advisories/ora_from_tz.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.nextgenss.com/advisories/ora_numtoyminterval.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.nextgenss.com/advisories/ora_time_zone.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-12-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow local users to execute arbitrary code by (1) setting the TIME_ZONE session parameter to a long value, or providing long parameters to the (2) NUMTOYMINTERVAL, (3) NUMTODSINTERVAL or (4) FROM_TZ functions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "oracle-multiple-function-bo(15060)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15060"
        },
        {
          "name": "VU#399806",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/399806"
        },
        {
          "name": "3840",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/3840"
        },
        {
          "name": "O-093",
          "tags": [
            "third-party-advisory",
            "government-resource",
            "x_refsource_CIAC"
          ],
          "url": "http://www.ciac.org/ciac/bulletins/o-093.shtml"
        },
        {
          "name": "10805",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/10805"
        },
        {
          "name": "VU#819126",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/819126"
        },
        {
          "name": "3838",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/3838"
        },
        {
          "name": "VU#240174",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/240174"
        },
        {
          "name": "20040205 Oracle Database 9ir2 Interval Conversion Functions Buffer Overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0030.html"
        },
        {
          "name": "9587",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/9587"
        },
        {
          "name": "3839",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/3839"
        },
        {
          "name": "VU#846582",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/846582"
        },
        {
          "name": "3837",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/3837"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.nextgenss.com/advisories/ora_numtodsinterval.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.nextgenss.com/advisories/ora_from_tz.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.nextgenss.com/advisories/ora_numtoyminterval.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.nextgenss.com/advisories/ora_time_zone.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-1208",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow local users to execute arbitrary code by (1) setting the TIME_ZONE session parameter to a long value, or providing long parameters to the (2) NUMTOYMINTERVAL, (3) NUMTODSINTERVAL or (4) FROM_TZ functions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oracle-multiple-function-bo(15060)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15060"
            },
            {
              "name": "VU#399806",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/399806"
            },
            {
              "name": "3840",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/3840"
            },
            {
              "name": "O-093",
              "refsource": "CIAC",
              "url": "http://www.ciac.org/ciac/bulletins/o-093.shtml"
            },
            {
              "name": "10805",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/10805"
            },
            {
              "name": "VU#819126",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/819126"
            },
            {
              "name": "3838",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/3838"
            },
            {
              "name": "VU#240174",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/240174"
            },
            {
              "name": "20040205 Oracle Database 9ir2 Interval Conversion Functions Buffer Overflow",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0030.html"
            },
            {
              "name": "9587",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/9587"
            },
            {
              "name": "3839",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/3839"
            },
            {
              "name": "VU#846582",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/846582"
            },
            {
              "name": "3837",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/3837"
            },
            {
              "name": "http://www.nextgenss.com/advisories/ora_numtodsinterval.txt",
              "refsource": "MISC",
              "url": "http://www.nextgenss.com/advisories/ora_numtodsinterval.txt"
            },
            {
              "name": "http://www.nextgenss.com/advisories/ora_from_tz.txt",
              "refsource": "MISC",
              "url": "http://www.nextgenss.com/advisories/ora_from_tz.txt"
            },
            {
              "name": "http://www.nextgenss.com/advisories/ora_numtoyminterval.txt",
              "refsource": "MISC",
              "url": "http://www.nextgenss.com/advisories/ora_numtoyminterval.txt"
            },
            {
              "name": "http://www.nextgenss.com/advisories/ora_time_zone.txt",
              "refsource": "MISC",
              "url": "http://www.nextgenss.com/advisories/ora_time_zone.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-1208",
    "datePublished": "2005-05-19T04:00:00",
    "dateReserved": "2005-05-19T00:00:00",
    "dateUpdated": "2024-08-08T02:19:46.087Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-1495 (GCVE-0-2005-1495)

Vulnerability from cvelistv5 – Published: 2005-05-11 04:00 – Updated: 2024-08-07 21:51

Summary

Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the SYS user executes a SELECT statement on an FGA object, which makes it easier for attackers to escape detection.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/bid/16258	vdb-entryx_refsource_BID
	http://www.kb.cert.org/vuls/id/777773	third-party-advisoryx_refsource_CERT-VN
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.red-database-security.com/advisory/ora…	x_refsource_MISC
	http://marc.info/?l=bugtraq&m=111531683824209&w=2	mailing-listx_refsource_BUGTRAQ

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T21:51:50.392Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "16258",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/16258"
          },
          {
            "name": "VU#777773",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/777773"
          },
          {
            "name": "oracle-audit-data-manipulation(20407)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20407"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.red-database-security.com/advisory/oracle-fine-grained-auditing-issue.html"
          },
          {
            "name": "20050505 Oracle 9i / 10g Fine Grained Auditing Issue",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=111531683824209\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-05-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the SYS user executes a SELECT statement on an FGA object, which makes it easier for attackers to escape detection."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "16258",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/16258"
        },
        {
          "name": "VU#777773",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/777773"
        },
        {
          "name": "oracle-audit-data-manipulation(20407)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20407"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.red-database-security.com/advisory/oracle-fine-grained-auditing-issue.html"
        },
        {
          "name": "20050505 Oracle 9i / 10g Fine Grained Auditing Issue",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=111531683824209\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-1495",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the SYS user executes a SELECT statement on an FGA object, which makes it easier for attackers to escape detection."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "16258",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/16258"
            },
            {
              "name": "VU#777773",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/777773"
            },
            {
              "name": "oracle-audit-data-manipulation(20407)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20407"
            },
            {
              "name": "http://www.red-database-security.com/advisory/oracle-fine-grained-auditing-issue.html",
              "refsource": "MISC",
              "url": "http://www.red-database-security.com/advisory/oracle-fine-grained-auditing-issue.html"
            },
            {
              "name": "20050505 Oracle 9i / 10g Fine Grained Auditing Issue",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=111531683824209\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-1495",
    "datePublished": "2005-05-11T04:00:00",
    "dateReserved": "2005-05-11T00:00:00",
    "dateUpdated": "2024-08-07T21:51:50.392Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2003-1193 (GCVE-0-2003-1193)

Vulnerability from cvelistv5 – Published: 2005-05-10 04:00 – Updated: 2024-08-08 02:19

Summary

Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://otn.oracle.com/deploy/security/pdf/2003ale…	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/343520	mailing-listx_refsource_BUGTRAQ
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/bid/8966	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:19:46.091Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://otn.oracle.com/deploy/security/pdf/2003alert61.pdf"
          },
          {
            "name": "20031105 Multiple SQL Injection Vulnerabilities in Oracle Application Server 9i and RDBMS (#NISR05112003)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/343520"
          },
          {
            "name": "oracle-portal-sql-injection(13593)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13593"
          },
          {
            "name": "8966",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/8966"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-11-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://otn.oracle.com/deploy/security/pdf/2003alert61.pdf"
        },
        {
          "name": "20031105 Multiple SQL Injection Vulnerabilities in Oracle Application Server 9i and RDBMS (#NISR05112003)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/343520"
        },
        {
          "name": "oracle-portal-sql-injection(13593)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13593"
        },
        {
          "name": "8966",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/8966"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-1193",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://otn.oracle.com/deploy/security/pdf/2003alert61.pdf",
              "refsource": "CONFIRM",
              "url": "http://otn.oracle.com/deploy/security/pdf/2003alert61.pdf"
            },
            {
              "name": "20031105 Multiple SQL Injection Vulnerabilities in Oracle Application Server 9i and RDBMS (#NISR05112003)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/343520"
            },
            {
              "name": "oracle-portal-sql-injection(13593)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13593"
            },
            {
              "name": "8966",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/8966"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-1193",
    "datePublished": "2005-05-10T04:00:00",
    "dateReserved": "2005-05-04T00:00:00",
    "dateUpdated": "2024-08-08T02:19:46.091Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2004-0637 (GCVE-0-2004-0637)

Vulnerability from cvelistv5 – Published: 2005-04-14 04:00 – Updated: 2024-08-08 00:24

Summary

Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to execute commands with additional privileges via the ctxsys.driload package, which is publicly accessible.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/bid/11099	vdb-entryx_refsource_BID
	http://www.idefense.com/application/poi/display?i…	third-party-advisoryx_refsource_IDEFENSE
	http://www.kb.cert.org/vuls/id/316206	third-party-advisoryx_refsource_CERT-VN
	http://secunia.com/advisories/12409/	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:24:26.763Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "11099",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/11099"
          },
          {
            "name": "20040902 Oracle Database Server ctxsys.driload Access Validation Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://www.idefense.com/application/poi/display?id=136\u0026type=vulnerabilities\u0026flashstatus=true"
          },
          {
            "name": "VU#316206",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/316206"
          },
          {
            "name": "12409",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/12409/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-09-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to execute commands with additional privileges via the ctxsys.driload package, which is publicly accessible."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-11-04T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "11099",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/11099"
        },
        {
          "name": "20040902 Oracle Database Server ctxsys.driload Access Validation Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://www.idefense.com/application/poi/display?id=136\u0026type=vulnerabilities\u0026flashstatus=true"
        },
        {
          "name": "VU#316206",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/316206"
        },
        {
          "name": "12409",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/12409/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0637",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to execute commands with additional privileges via the ctxsys.driload package, which is publicly accessible."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "11099",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/11099"
            },
            {
              "name": "20040902 Oracle Database Server ctxsys.driload Access Validation Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://www.idefense.com/application/poi/display?id=136\u0026type=vulnerabilities\u0026flashstatus=true"
            },
            {
              "name": "VU#316206",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/316206"
            },
            {
              "name": "12409",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/12409/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0637",
    "datePublished": "2005-04-14T04:00:00",
    "dateReserved": "2004-07-07T00:00:00",
    "dateUpdated": "2024-08-08T00:24:26.763Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2004-1707 (GCVE-0-2004-1707)

Vulnerability from cvelistv5 – Published: 2005-02-26 05:00 – Updated: 2024-08-08 01:00

Summary

The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://secunia.com/advisories/12205	third-party-advisoryx_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://marc.info/?l=bugtraq&m=109147677214087&w=2	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/bid/10829	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:00:37.205Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "12205",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/12205"
          },
          {
            "name": "oracle-libraries-gain-privileges(16839)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16839"
          },
          {
            "name": "20040802 OPEN3S - Local Privilege Elevation through Oracle products (Unix Platform)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=109147677214087\u0026w=2"
          },
          {
            "name": "10829",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/10829"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-08-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "12205",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/12205"
        },
        {
          "name": "oracle-libraries-gain-privileges(16839)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16839"
        },
        {
          "name": "20040802 OPEN3S - Local Privilege Elevation through Oracle products (Unix Platform)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=109147677214087\u0026w=2"
        },
        {
          "name": "10829",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/10829"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-1707",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "12205",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/12205"
            },
            {
              "name": "oracle-libraries-gain-privileges(16839)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16839"
            },
            {
              "name": "20040802 OPEN3S - Local Privilege Elevation through Oracle products (Unix Platform)",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=109147677214087\u0026w=2"
            },
            {
              "name": "10829",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/10829"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-1707",
    "datePublished": "2005-02-26T05:00:00",
    "dateReserved": "2005-02-26T00:00:00",
    "dateUpdated": "2024-08-08T01:00:37.205Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2004-1362 (GCVE-0-2004-1362)

Vulnerability from cvelistv5 – Published: 2005-01-19 05:00 – Updated: 2024-08-08 00:46

Summary

The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform character conversions properly, which allows remote attackers to bypass access restrictions for certain procedures via an encoded URL with "%FF" encoded sequences that are improperly converted to "Y" characters.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.kb.cert.org/vuls/id/435974	third-party-advisoryx_refsource_CERT-VN
	http://www.us-cert.gov/cas/techalerts/TA04-245A.html	third-party-advisoryx_refsource_CERT
	http://www.securityfocus.com/bid/10871	vdb-entryx_refsource_BID
	http://www.ngssoftware.com/advisories/oracle23122…	x_refsource_MISC
	http://www.oracle.com/technology/deploy/security/…	x_refsource_CONFIRM
	http://marc.info/?l=bugtraq&m=110382306006205&w=2	mailing-listx_refsource_BUGTRAQ
	http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:46:12.512Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oracle-character-conversion-gain-privileges(18657)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18657"
          },
          {
            "name": "VU#435974",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/435974"
          },
          {
            "name": "TA04-245A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
          },
          {
            "name": "10871",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/10871"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.ngssoftware.com/advisories/oracle23122004G.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
          },
          {
            "name": "20041223 Oracle Character Conversion Bugs (#NISR2122004G)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=110382306006205\u0026w=2"
          },
          {
            "name": "101782",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-12-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform character conversions properly, which allows remote attackers to bypass access restrictions for certain procedures via an encoded URL with \"%FF\" encoded sequences that are improperly converted to \"Y\" characters."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "oracle-character-conversion-gain-privileges(18657)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18657"
        },
        {
          "name": "VU#435974",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/435974"
        },
        {
          "name": "TA04-245A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
        },
        {
          "name": "10871",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/10871"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.ngssoftware.com/advisories/oracle23122004G.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
        },
        {
          "name": "20041223 Oracle Character Conversion Bugs (#NISR2122004G)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=110382306006205\u0026w=2"
        },
        {
          "name": "101782",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-1362",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform character conversions properly, which allows remote attackers to bypass access restrictions for certain procedures via an encoded URL with \"%FF\" encoded sequences that are improperly converted to \"Y\" characters."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oracle-character-conversion-gain-privileges(18657)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18657"
            },
            {
              "name": "VU#435974",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/435974"
            },
            {
              "name": "TA04-245A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
            },
            {
              "name": "10871",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/10871"
            },
            {
              "name": "http://www.ngssoftware.com/advisories/oracle23122004G.txt",
              "refsource": "MISC",
              "url": "http://www.ngssoftware.com/advisories/oracle23122004G.txt"
            },
            {
              "name": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
            },
            {
              "name": "20041223 Oracle Character Conversion Bugs (#NISR2122004G)",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=110382306006205\u0026w=2"
            },
            {
              "name": "101782",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-1362",
    "datePublished": "2005-01-19T05:00:00",
    "dateReserved": "2005-01-07T00:00:00",
    "dateUpdated": "2024-08-08T00:46:12.512Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2004-1366 (GCVE-0-2004-1366)

Vulnerability from cvelistv5 – Published: 2005-01-19 05:00 – Updated: 2024-08-08 00:46

Summary

Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/archive/1/385323	mailing-listx_refsource_BUGTRAQ
	http://www.kb.cert.org/vuls/id/316206	third-party-advisoryx_refsource_CERT-VN
	http://www.us-cert.gov/cas/techalerts/TA04-245A.html	third-party-advisoryx_refsource_CERT
	http://www.ngssoftware.com/advisories/oracle23122…	x_refsource_MISC
	http://www.securityfocus.com/bid/10871	vdb-entryx_refsource_BID
	http://www.oracle.com/technology/deploy/security/…	x_refsource_CONFIRM
	http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:46:12.404Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oracle-sysman-password-plaintext(18661)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18661"
          },
          {
            "name": "20041223 Oracle clear text passwords (#NISR2122004D)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/385323"
          },
          {
            "name": "VU#316206",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/316206"
          },
          {
            "name": "TA04-245A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.ngssoftware.com/advisories/oracle23122004D.txt"
          },
          {
            "name": "10871",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/10871"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
          },
          {
            "name": "101782",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-12-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "oracle-sysman-password-plaintext(18661)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18661"
        },
        {
          "name": "20041223 Oracle clear text passwords (#NISR2122004D)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/385323"
        },
        {
          "name": "VU#316206",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/316206"
        },
        {
          "name": "TA04-245A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.ngssoftware.com/advisories/oracle23122004D.txt"
        },
        {
          "name": "10871",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/10871"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
        },
        {
          "name": "101782",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-1366",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oracle-sysman-password-plaintext(18661)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18661"
            },
            {
              "name": "20041223 Oracle clear text passwords (#NISR2122004D)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/385323"
            },
            {
              "name": "VU#316206",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/316206"
            },
            {
              "name": "TA04-245A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
            },
            {
              "name": "http://www.ngssoftware.com/advisories/oracle23122004D.txt",
              "refsource": "MISC",
              "url": "http://www.ngssoftware.com/advisories/oracle23122004D.txt"
            },
            {
              "name": "10871",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/10871"
            },
            {
              "name": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
            },
            {
              "name": "101782",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-1366",
    "datePublished": "2005-01-19T05:00:00",
    "dateReserved": "2005-01-07T00:00:00",
    "dateUpdated": "2024-08-08T00:46:12.404Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2004-1370 (GCVE-0-2004-1370)

Vulnerability from cvelistv5 – Published: 2005-01-19 05:00 – Updated: 2024-08-08 00:46

Summary

Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to execute arbitrary SQL commands and gain privileges via (1) DBMS_EXPORT_EXTENSION, (2) WK_ACL.GET_ACL, (3) WK_ACL.STORE_ACL, (4) WK_ADM.COMPLETE_ACL_SNAPSHOT, (5) WK_ACL.DELETE_ACLS_WITH_STATEMENT, or (6) DRILOAD.VALIDATE_STMT.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://www.ngssoftware.com/advisories/oracle23122…	x_refsource_MISC
	http://marc.info/?l=bugtraq&m=110382596129607&w=2	mailing-listx_refsource_BUGTRAQ
	http://www.kb.cert.org/vuls/id/316206	third-party-advisoryx_refsource_CERT-VN
	http://www.us-cert.gov/cas/techalerts/TA04-245A.html	third-party-advisoryx_refsource_CERT
	http://www.securityfocus.com/bid/10871	vdb-entryx_refsource_BID
	http://www.oracle.com/technology/deploy/security/…	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:46:12.509Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.ngssoftware.com/advisories/oracle23122004H.txt"
          },
          {
            "name": "20041223 Oracle multiple PL/SQL injection vulnerabilities (#NISR2122004H)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=110382596129607\u0026w=2"
          },
          {
            "name": "VU#316206",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/316206"
          },
          {
            "name": "TA04-245A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
          },
          {
            "name": "10871",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/10871"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
          },
          {
            "name": "oracle-procedure-sql-injection(18665)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18665"
          },
          {
            "name": "101782",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-12-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to execute arbitrary SQL commands and gain privileges via (1) DBMS_EXPORT_EXTENSION, (2) WK_ACL.GET_ACL, (3) WK_ACL.STORE_ACL, (4) WK_ADM.COMPLETE_ACL_SNAPSHOT, (5) WK_ACL.DELETE_ACLS_WITH_STATEMENT, or (6) DRILOAD.VALIDATE_STMT."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.ngssoftware.com/advisories/oracle23122004H.txt"
        },
        {
          "name": "20041223 Oracle multiple PL/SQL injection vulnerabilities (#NISR2122004H)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=110382596129607\u0026w=2"
        },
        {
          "name": "VU#316206",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/316206"
        },
        {
          "name": "TA04-245A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
        },
        {
          "name": "10871",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/10871"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
        },
        {
          "name": "oracle-procedure-sql-injection(18665)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18665"
        },
        {
          "name": "101782",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-1370",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to execute arbitrary SQL commands and gain privileges via (1) DBMS_EXPORT_EXTENSION, (2) WK_ACL.GET_ACL, (3) WK_ACL.STORE_ACL, (4) WK_ADM.COMPLETE_ACL_SNAPSHOT, (5) WK_ACL.DELETE_ACLS_WITH_STATEMENT, or (6) DRILOAD.VALIDATE_STMT."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ngssoftware.com/advisories/oracle23122004H.txt",
              "refsource": "MISC",
              "url": "http://www.ngssoftware.com/advisories/oracle23122004H.txt"
            },
            {
              "name": "20041223 Oracle multiple PL/SQL injection vulnerabilities (#NISR2122004H)",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=110382596129607\u0026w=2"
            },
            {
              "name": "VU#316206",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/316206"
            },
            {
              "name": "TA04-245A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
            },
            {
              "name": "10871",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/10871"
            },
            {
              "name": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
            },
            {
              "name": "oracle-procedure-sql-injection(18665)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18665"
            },
            {
              "name": "101782",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-1370",
    "datePublished": "2005-01-19T05:00:00",
    "dateReserved": "2005-01-07T00:00:00",
    "dateUpdated": "2024-08-08T00:46:12.509Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2004-1368 (GCVE-0-2004-1368)

Vulnerability from cvelistv5 – Published: 2005-01-19 05:00 – Updated: 2024-08-08 00:46

Summary

ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://marc.info/?l=bugtraq&m=110382264415387&w=2	mailing-listx_refsource_BUGTRAQ
	http://www.ngssoftware.com/advisories/oracle23122…	x_refsource_MISC
	http://www.kb.cert.org/vuls/id/435974	third-party-advisoryx_refsource_CERT-VN
	http://www.us-cert.gov/cas/techalerts/TA04-245A.html	third-party-advisoryx_refsource_CERT
	http://www.securityfocus.com/bid/10871	vdb-entryx_refsource_BID
	http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:46:12.449Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oracle-isqlplus-file-access(18656)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18656"
          },
          {
            "name": "20041223 Oracle ISQLPlus file access vulnerability (#NISR2122004E)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=110382264415387\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.ngssoftware.com/advisories/oracle23122004E.txt"
          },
          {
            "name": "VU#435974",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/435974"
          },
          {
            "name": "TA04-245A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
          },
          {
            "name": "10871",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/10871"
          },
          {
            "name": "101782",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-12-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "oracle-isqlplus-file-access(18656)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18656"
        },
        {
          "name": "20041223 Oracle ISQLPlus file access vulnerability (#NISR2122004E)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=110382264415387\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.ngssoftware.com/advisories/oracle23122004E.txt"
        },
        {
          "name": "VU#435974",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/435974"
        },
        {
          "name": "TA04-245A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
        },
        {
          "name": "10871",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/10871"
        },
        {
          "name": "101782",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-1368",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oracle-isqlplus-file-access(18656)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18656"
            },
            {
              "name": "20041223 Oracle ISQLPlus file access vulnerability (#NISR2122004E)",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=110382264415387\u0026w=2"
            },
            {
              "name": "http://www.ngssoftware.com/advisories/oracle23122004E.txt",
              "refsource": "MISC",
              "url": "http://www.ngssoftware.com/advisories/oracle23122004E.txt"
            },
            {
              "name": "VU#435974",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/435974"
            },
            {
              "name": "TA04-245A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
            },
            {
              "name": "10871",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/10871"
            },
            {
              "name": "101782",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-1368",
    "datePublished": "2005-01-19T05:00:00",
    "dateReserved": "2005-01-07T00:00:00",
    "dateUpdated": "2024-08-08T00:46:12.449Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2004-0638 (GCVE-0-2004-0638)

Vulnerability from cvelistv5 – Published: 2005-01-19 05:00 – Updated: 2024-08-08 00:24

Summary

Buffer overflow in the KSDWRTB function in the dbms_system package (dbms_system.ksdwrt) for Oracle 9i Database Server Release 2 9.2.0.3 and 9.2.0.4, 9i Release 1 9.0.1.4 and 9.0.1.5, and 8i Release 1 8.1.7.4, allows remote authorized users to execute arbitrary code via a long second argument.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.oracle.com/technology/deploy/security/…	x_refsource_CONFIRM
	http://www.idefense.com/application/poi/display?i…	third-party-advisoryx_refsource_IDEFENSE
	http://www.securityfocus.com/bid/11100	vdb-entryx_refsource_BID
	http://archives.neohapsis.com/archives/fulldisclo…	mailing-listx_refsource_FULLDISC
	http://www.red-database-security.com/advisory/adv…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:24:26.842Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oracle-dbmssystem-bo(17254)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17254"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
          },
          {
            "name": "20040902 Oracle Database Server dbms_system.ksdwrt Buffer Overflow Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://www.idefense.com/application/poi/display?id=135\u0026type=vulnerabilities\u0026flashstatus=false"
          },
          {
            "name": "11100",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/11100"
          },
          {
            "name": "20040905 Buffer Overflow in DBMS_SYSTEM.KSDWRT() in Oracle8i - 9i",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0178.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.red-database-security.com/advisory/advisory_20040903_3.htm"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-09-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the KSDWRTB function in the dbms_system package (dbms_system.ksdwrt) for Oracle 9i Database Server Release 2 9.2.0.3 and 9.2.0.4, 9i Release 1 9.0.1.4 and 9.0.1.5, and 8i Release 1 8.1.7.4, allows remote authorized users to execute arbitrary code via a long second argument."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "oracle-dbmssystem-bo(17254)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17254"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
        },
        {
          "name": "20040902 Oracle Database Server dbms_system.ksdwrt Buffer Overflow Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://www.idefense.com/application/poi/display?id=135\u0026type=vulnerabilities\u0026flashstatus=false"
        },
        {
          "name": "11100",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/11100"
        },
        {
          "name": "20040905 Buffer Overflow in DBMS_SYSTEM.KSDWRT() in Oracle8i - 9i",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0178.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.red-database-security.com/advisory/advisory_20040903_3.htm"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0638",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the KSDWRTB function in the dbms_system package (dbms_system.ksdwrt) for Oracle 9i Database Server Release 2 9.2.0.3 and 9.2.0.4, 9i Release 1 9.0.1.4 and 9.0.1.5, and 8i Release 1 8.1.7.4, allows remote authorized users to execute arbitrary code via a long second argument."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oracle-dbmssystem-bo(17254)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17254"
            },
            {
              "name": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
            },
            {
              "name": "20040902 Oracle Database Server dbms_system.ksdwrt Buffer Overflow Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://www.idefense.com/application/poi/display?id=135\u0026type=vulnerabilities\u0026flashstatus=false"
            },
            {
              "name": "11100",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/11100"
            },
            {
              "name": "20040905 Buffer Overflow in DBMS_SYSTEM.KSDWRT() in Oracle8i - 9i",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0178.html"
            },
            {
              "name": "http://www.red-database-security.com/advisory/advisory_20040903_3.htm",
              "refsource": "MISC",
              "url": "http://www.red-database-security.com/advisory/advisory_20040903_3.htm"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0638",
    "datePublished": "2005-01-19T05:00:00",
    "dateReserved": "2004-07-07T00:00:00",
    "dateUpdated": "2024-08-08T00:24:26.842Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2004-1364 (GCVE-0-2004-1364)

Vulnerability from cvelistv5 – Published: 2005-01-19 05:00 – Updated: 2024-08-08 00:46

Summary

Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\bin directory.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/archive/1/454861/100…	mailing-listx_refsource_BUGTRAQ
	http://www.kb.cert.org/vuls/id/316206	third-party-advisoryx_refsource_CERT-VN
	http://www.us-cert.gov/cas/techalerts/TA04-245A.html	third-party-advisoryx_refsource_CERT
	http://marc.info/?l=bugtraq&m=110382406002365&w=2	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/bid/10871	vdb-entryx_refsource_BID
	http://www.oracle.com/technology/deploy/security/…	x_refsource_CONFIRM
	http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT
	http://www.ngssoftware.com/advisories/oracle23122…	x_refsource_MISC
	http://www.0xdeadbeef.info/exploits/raptor_oraext…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:46:12.559Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oracle-extproc-directory-traversal(18658)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18658"
          },
          {
            "name": "20061219 Oracle \u003c= 9i / 10g (extproc) Local/Remote Command Execution Exploit",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/454861/100/0/threaded"
          },
          {
            "name": "VU#316206",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/316206"
          },
          {
            "name": "TA04-245A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
          },
          {
            "name": "20041223 Oracle extproc directory traversal (#NISR23122004B)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=110382406002365\u0026w=2"
          },
          {
            "name": "10871",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/10871"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
          },
          {
            "name": "101782",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.ngssoftware.com/advisories/oracle23122004B.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.0xdeadbeef.info/exploits/raptor_oraextproc.sql"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-12-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\\bin directory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-19T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "oracle-extproc-directory-traversal(18658)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18658"
        },
        {
          "name": "20061219 Oracle \u003c= 9i / 10g (extproc) Local/Remote Command Execution Exploit",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/454861/100/0/threaded"
        },
        {
          "name": "VU#316206",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/316206"
        },
        {
          "name": "TA04-245A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
        },
        {
          "name": "20041223 Oracle extproc directory traversal (#NISR23122004B)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=110382406002365\u0026w=2"
        },
        {
          "name": "10871",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/10871"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
        },
        {
          "name": "101782",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.ngssoftware.com/advisories/oracle23122004B.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.0xdeadbeef.info/exploits/raptor_oraextproc.sql"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-1364",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\\bin directory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oracle-extproc-directory-traversal(18658)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18658"
            },
            {
              "name": "20061219 Oracle \u003c= 9i / 10g (extproc) Local/Remote Command Execution Exploit",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/454861/100/0/threaded"
            },
            {
              "name": "VU#316206",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/316206"
            },
            {
              "name": "TA04-245A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
            },
            {
              "name": "20041223 Oracle extproc directory traversal (#NISR23122004B)",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=110382406002365\u0026w=2"
            },
            {
              "name": "10871",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/10871"
            },
            {
              "name": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
            },
            {
              "name": "101782",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
            },
            {
              "name": "http://www.ngssoftware.com/advisories/oracle23122004B.txt",
              "refsource": "MISC",
              "url": "http://www.ngssoftware.com/advisories/oracle23122004B.txt"
            },
            {
              "name": "http://www.0xdeadbeef.info/exploits/raptor_oraextproc.sql",
              "refsource": "MISC",
              "url": "http://www.0xdeadbeef.info/exploits/raptor_oraextproc.sql"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-1364",
    "datePublished": "2005-01-19T05:00:00",
    "dateReserved": "2005-01-07T00:00:00",
    "dateUpdated": "2024-08-08T00:46:12.559Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2004-1367 (GCVE-0-2004-1367)

Vulnerability from cvelistv5 – Published: 2005-01-19 05:00 – Updated: 2024-08-08 00:46

Summary

Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SYS or SYSTEM accounts, which may have been installed with the same password.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://marc.info/?l=bugtraq&m=110382247308064&w=2	mailing-listx_refsource_BUGTRAQ
	http://www.kb.cert.org/vuls/id/316206	third-party-advisoryx_refsource_CERT-VN
	http://www.us-cert.gov/cas/techalerts/TA04-245A.html	third-party-advisoryx_refsource_CERT
	http://www.ngssoftware.com/advisories/oracle23122…	x_refsource_MISC
	http://www.oracle.com/technology/deploy/security/…	x_refsource_CONFIRM
	http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:46:12.402Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20041223 Oracle clear text passwords (#NISR2122004D)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=110382247308064\u0026w=2"
          },
          {
            "name": "VU#316206",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/316206"
          },
          {
            "name": "TA04-245A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.ngssoftware.com/advisories/oracle23122004D.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
          },
          {
            "name": "101782",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-12-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Oracle 10g Database Server, when installed with a password that contains an exclamation point (\"!\") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SYS or SYSTEM accounts, which may have been installed with the same password."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-10-17T13:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20041223 Oracle clear text passwords (#NISR2122004D)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=110382247308064\u0026w=2"
        },
        {
          "name": "VU#316206",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/316206"
        },
        {
          "name": "TA04-245A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.ngssoftware.com/advisories/oracle23122004D.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
        },
        {
          "name": "101782",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-1367",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Oracle 10g Database Server, when installed with a password that contains an exclamation point (\"!\") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SYS or SYSTEM accounts, which may have been installed with the same password."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20041223 Oracle clear text passwords (#NISR2122004D)",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=110382247308064\u0026w=2"
            },
            {
              "name": "VU#316206",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/316206"
            },
            {
              "name": "TA04-245A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
            },
            {
              "name": "http://www.ngssoftware.com/advisories/oracle23122004D.txt",
              "refsource": "MISC",
              "url": "http://www.ngssoftware.com/advisories/oracle23122004D.txt"
            },
            {
              "name": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
            },
            {
              "name": "101782",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-1367",
    "datePublished": "2005-01-19T05:00:00",
    "dateReserved": "2005-01-07T00:00:00",
    "dateUpdated": "2024-08-08T00:46:12.402Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Search criteria

104 vulnerabilities found for oracle9i by oracle

CVE-2006-6703 (GCVE-0-2006-6703)

CVE-2006-1705 (GCVE-0-2006-1705)

CVE-2006-0552 (GCVE-0-2006-0552)

CVE-2006-0272 (GCVE-0-2006-0272)

CVE-2006-0271 (GCVE-0-2006-0271)

CVE-2006-0262 (GCVE-0-2006-0262)

CVE-2005-3641 (GCVE-0-2005-3641)

CVE-2005-3204 (GCVE-0-2005-3204)

CVE-2005-1495 (GCVE-0-2005-1495)

CVE-2006-6703 (GCVE-0-2006-6703)

CVE-2006-1705 (GCVE-0-2006-1705)

CVE-2006-0552 (GCVE-0-2006-0552)

CVE-2006-0272 (GCVE-0-2006-0272)

CVE-2006-0271 (GCVE-0-2006-0271)

CVE-2006-0262 (GCVE-0-2006-0262)

CVE-2005-3641 (GCVE-0-2005-3641)

CVE-2005-3204 (GCVE-0-2005-3204)

CVE-2004-2244 (GCVE-0-2004-2244)

CVE-2003-1208 (GCVE-0-2003-1208)

CVE-2005-1495 (GCVE-0-2005-1495)

CVE-2003-1193 (GCVE-0-2003-1193)

CVE-2004-0637 (GCVE-0-2004-0637)

CVE-2004-1707 (GCVE-0-2004-1707)

CVE-2004-1362 (GCVE-0-2004-1362)

CVE-2004-1366 (GCVE-0-2004-1366)

CVE-2004-1370 (GCVE-0-2004-1370)

CVE-2004-1368 (GCVE-0-2004-1368)

CVE-2004-0638 (GCVE-0-2004-0638)

CVE-2004-1364 (GCVE-0-2004-1364)

CVE-2004-1367 (GCVE-0-2004-1367)