Search criteria
12 vulnerabilities found for reports by oracle
CVE-2005-2983 (GCVE-0-2005-2983)
Vulnerability from nvd – Published: 2005-09-19 04:00 – Updated: 2024-08-07 22:53
VLAI?
Summary
SQL injection vulnerability in Oracle Reports that use Lexical References allows remote attackers to execute arbitrary SQL commands via the values in the parameter form that appears when the paramform parameter is set to yes.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:53:30.257Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050914 Oracle Reports: Generic SQL Injection Vulnerability via Lexical References",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037156.html"
},
{
"name": "20050914 Oracle Reports: Generic SQL Injection Vulnerability via Lexical References",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112681849113948\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.red-database-security.com/wp/sql_injection_reports_us.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Oracle Reports that use Lexical References allows remote attackers to execute arbitrary SQL commands via the values in the parameter form that appears when the paramform parameter is set to yes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050914 Oracle Reports: Generic SQL Injection Vulnerability via Lexical References",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037156.html"
},
{
"name": "20050914 Oracle Reports: Generic SQL Injection Vulnerability via Lexical References",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112681849113948\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.red-database-security.com/wp/sql_injection_reports_us.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2983",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Oracle Reports that use Lexical References allows remote attackers to execute arbitrary SQL commands via the values in the parameter form that appears when the paramform parameter is set to yes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050914 Oracle Reports: Generic SQL Injection Vulnerability via Lexical References",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037156.html"
},
{
"name": "20050914 Oracle Reports: Generic SQL Injection Vulnerability via Lexical References",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112681849113948\u0026w=2"
},
{
"name": "http://www.red-database-security.com/wp/sql_injection_reports_us.pdf",
"refsource": "MISC",
"url": "http://www.red-database-security.com/wp/sql_injection_reports_us.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2983",
"datePublished": "2005-09-19T04:00:00",
"dateReserved": "2005-09-19T00:00:00",
"dateUpdated": "2024-08-07T22:53:30.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2378 (GCVE-0-2005-2378)
Vulnerability from nvd – Published: 2005-07-26 04:00 – Updated: 2024-08-07 22:22
VLAI?
Summary
Directory traversal vulnerability in Oracle Reports allows remote attackers to read arbitrary files via an absolute or relative path to the (1) CUSTOMIZE or (2) desformat parameters to rwservlet. NOTE: vector 2 is probably the same as CVE-2006-0289, and fixed in Jan 2006 CPU.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:22:49.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1014527",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014527"
},
{
"name": "oracle-january2006-update(24321)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
},
{
"name": "20060117 Oracle Reports - Read parts of files via desname (fixed after 874 days)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/422256/30/7430/threaded"
},
{
"name": "1014525",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014525"
},
{
"name": "20050719 Oracle Security Advisory: Read parts of any XML-file via customize parameter in Oracle Reports",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112181242916757\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.red-database-security.com/advisory/oracle_reports_read_any_file.html"
},
{
"name": "18493",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18493"
},
{
"name": "ADV-2006-0323",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"name": "20050719 Oracle Security Advisory: Read parts of any file via desformat in Oracle Reports",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112181054226520\u0026w=2"
},
{
"name": "18608",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18608"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.red-database-security.com/advisory/oracle_reports_read_any_xml_file.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-07-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Oracle Reports allows remote attackers to read arbitrary files via an absolute or relative path to the (1) CUSTOMIZE or (2) desformat parameters to rwservlet. NOTE: vector 2 is probably the same as CVE-2006-0289, and fixed in Jan 2006 CPU."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1014527",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014527"
},
{
"name": "oracle-january2006-update(24321)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
},
{
"name": "20060117 Oracle Reports - Read parts of files via desname (fixed after 874 days)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/422256/30/7430/threaded"
},
{
"name": "1014525",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014525"
},
{
"name": "20050719 Oracle Security Advisory: Read parts of any XML-file via customize parameter in Oracle Reports",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112181242916757\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.red-database-security.com/advisory/oracle_reports_read_any_file.html"
},
{
"name": "18493",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18493"
},
{
"name": "ADV-2006-0323",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"name": "20050719 Oracle Security Advisory: Read parts of any file via desformat in Oracle Reports",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112181054226520\u0026w=2"
},
{
"name": "18608",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18608"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.red-database-security.com/advisory/oracle_reports_read_any_xml_file.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2378",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Oracle Reports allows remote attackers to read arbitrary files via an absolute or relative path to the (1) CUSTOMIZE or (2) desformat parameters to rwservlet. NOTE: vector 2 is probably the same as CVE-2006-0289, and fixed in Jan 2006 CPU."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1014527",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014527"
},
{
"name": "oracle-january2006-update(24321)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
},
{
"name": "20060117 Oracle Reports - Read parts of files via desname (fixed after 874 days)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/422256/30/7430/threaded"
},
{
"name": "1014525",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014525"
},
{
"name": "20050719 Oracle Security Advisory: Read parts of any XML-file via customize parameter in Oracle Reports",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112181242916757\u0026w=2"
},
{
"name": "http://www.red-database-security.com/advisory/oracle_reports_read_any_file.html",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/oracle_reports_read_any_file.html"
},
{
"name": "18493",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18493"
},
{
"name": "ADV-2006-0323",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"name": "20050719 Oracle Security Advisory: Read parts of any file via desformat in Oracle Reports",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112181054226520\u0026w=2"
},
{
"name": "18608",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18608"
},
{
"name": "http://www.red-database-security.com/advisory/oracle_reports_read_any_xml_file.html",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/oracle_reports_read_any_xml_file.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2378",
"datePublished": "2005-07-26T04:00:00",
"dateReserved": "2005-07-26T00:00:00",
"dateUpdated": "2024-08-07T22:22:49.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2379 (GCVE-0-2005-2379)
Vulnerability from nvd – Published: 2005-07-26 04:00 – Updated: 2024-08-07 22:22
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Oracle Reports 9.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) debug parameter to showenv, (2) test parameter to parsequery, or (3) delimiter or (4) CELLWRAPPER parameter to rwservlet.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:22:49.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050719 Oracle Security Advisory: Various Cross-Site-Scripting Oracle Reports",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112181649831863\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.red-database-security.com/advisory/oracle_reports_various_css.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-07-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Oracle Reports 9.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) debug parameter to showenv, (2) test parameter to parsequery, or (3) delimiter or (4) CELLWRAPPER parameter to rwservlet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050719 Oracle Security Advisory: Various Cross-Site-Scripting Oracle Reports",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112181649831863\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.red-database-security.com/advisory/oracle_reports_various_css.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2379",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Oracle Reports 9.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) debug parameter to showenv, (2) test parameter to parsequery, or (3) delimiter or (4) CELLWRAPPER parameter to rwservlet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050719 Oracle Security Advisory: Various Cross-Site-Scripting Oracle Reports",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112181649831863\u0026w=2"
},
{
"name": "http://www.red-database-security.com/advisory/oracle_reports_various_css.html",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/oracle_reports_various_css.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2379",
"datePublished": "2005-07-26T04:00:00",
"dateReserved": "2005-07-26T00:00:00",
"dateUpdated": "2024-08-07T22:22:49.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2371 (GCVE-0-2005-2371)
Vulnerability from nvd – Published: 2005-07-26 04:00 – Updated: 2024-08-07 22:22
VLAI?
Summary
Directory traversal vulnerability in Oracle Reports 6.0, 6i, 9i, and 10g allows remote attackers to overwrite arbitrary files via (1) "..", (2) Windows drive letter (C:), and (3) absolute path sequences in the desname parameter. NOTE: this issue was probably fixed by REP06 in CPU Jan 2006, in which case it overlaps CVE-2006-0289.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:22:49.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oracle-january2006-update(24321)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
},
{
"name": "14309",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14309"
},
{
"name": "18493",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18493"
},
{
"name": "ADV-2006-0323",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"name": "20060117 Oracle Reports - Overwrite any application server file via desname (fixed after 889 days)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/422257/30/7430/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.red-database-security.com/advisory/oracle_reports_overwrite_any_file.html"
},
{
"name": "1014524",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014524"
},
{
"name": "20050719 Oracle Security Advisory: Overwrite any file via desname in Oracle Reports",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112180096507467\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"name": "18608",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18608"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-07-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Oracle Reports 6.0, 6i, 9i, and 10g allows remote attackers to overwrite arbitrary files via (1) \"..\", (2) Windows drive letter (C:), and (3) absolute path sequences in the desname parameter. NOTE: this issue was probably fixed by REP06 in CPU Jan 2006, in which case it overlaps CVE-2006-0289."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oracle-january2006-update(24321)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
},
{
"name": "14309",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14309"
},
{
"name": "18493",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18493"
},
{
"name": "ADV-2006-0323",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"name": "20060117 Oracle Reports - Overwrite any application server file via desname (fixed after 889 days)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/422257/30/7430/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.red-database-security.com/advisory/oracle_reports_overwrite_any_file.html"
},
{
"name": "1014524",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014524"
},
{
"name": "20050719 Oracle Security Advisory: Overwrite any file via desname in Oracle Reports",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112180096507467\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"name": "18608",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18608"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2371",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Oracle Reports 6.0, 6i, 9i, and 10g allows remote attackers to overwrite arbitrary files via (1) \"..\", (2) Windows drive letter (C:), and (3) absolute path sequences in the desname parameter. NOTE: this issue was probably fixed by REP06 in CPU Jan 2006, in which case it overlaps CVE-2006-0289."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oracle-january2006-update(24321)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
},
{
"name": "14309",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14309"
},
{
"name": "18493",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18493"
},
{
"name": "ADV-2006-0323",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"name": "20060117 Oracle Reports - Overwrite any application server file via desname (fixed after 889 days)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/422257/30/7430/threaded"
},
{
"name": "http://www.red-database-security.com/advisory/oracle_reports_overwrite_any_file.html",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/oracle_reports_overwrite_any_file.html"
},
{
"name": "1014524",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014524"
},
{
"name": "20050719 Oracle Security Advisory: Overwrite any file via desname in Oracle Reports",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112180096507467\u0026w=2"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"name": "18608",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18608"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2371",
"datePublished": "2005-07-26T04:00:00",
"dateReserved": "2005-07-26T00:00:00",
"dateUpdated": "2024-08-07T22:22:49.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-0947 (GCVE-0-2002-0947)
Vulnerability from nvd – Published: 2003-04-02 05:00 – Updated: 2024-08-08 03:03
VLAI?
Summary
Buffer overflow in rwcgi60 CGI program for Oracle Reports Server 6.0.8.18.0 and earlier, as used in Oracle9iAS and other products, allows remote attackers to execute arbitrary code via a long database name parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:03:49.321Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oracle-reports-server-bo(9289)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9289.php"
},
{
"name": "VU#997403",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/997403"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://technet.oracle.com/deploy/security/pdf/reports6i_alert.pdf"
},
{
"name": "20020612 Oracle Reports Server Buffer Overflow (#NISR12062002B)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/276524"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nextgenss.com/vna/ora-reports.txt"
},
{
"name": "20020612 [VulnWatch] Oracle Reports Server Buffer Overflow (#NISR12062002B)",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0097.html"
},
{
"name": "4848",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4848"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-05-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in rwcgi60 CGI program for Oracle Reports Server 6.0.8.18.0 and earlier, as used in Oracle9iAS and other products, allows remote attackers to execute arbitrary code via a long database name parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-03-25T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oracle-reports-server-bo(9289)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9289.php"
},
{
"name": "VU#997403",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/997403"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://technet.oracle.com/deploy/security/pdf/reports6i_alert.pdf"
},
{
"name": "20020612 Oracle Reports Server Buffer Overflow (#NISR12062002B)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/276524"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nextgenss.com/vna/ora-reports.txt"
},
{
"name": "20020612 [VulnWatch] Oracle Reports Server Buffer Overflow (#NISR12062002B)",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0097.html"
},
{
"name": "4848",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4848"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0947",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in rwcgi60 CGI program for Oracle Reports Server 6.0.8.18.0 and earlier, as used in Oracle9iAS and other products, allows remote attackers to execute arbitrary code via a long database name parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oracle-reports-server-bo(9289)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9289.php"
},
{
"name": "VU#997403",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/997403"
},
{
"name": "http://technet.oracle.com/deploy/security/pdf/reports6i_alert.pdf",
"refsource": "CONFIRM",
"url": "http://technet.oracle.com/deploy/security/pdf/reports6i_alert.pdf"
},
{
"name": "20020612 Oracle Reports Server Buffer Overflow (#NISR12062002B)",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/276524"
},
{
"name": "http://www.nextgenss.com/vna/ora-reports.txt",
"refsource": "MISC",
"url": "http://www.nextgenss.com/vna/ora-reports.txt"
},
{
"name": "20020612 [VulnWatch] Oracle Reports Server Buffer Overflow (#NISR12062002B)",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0097.html"
},
{
"name": "4848",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4848"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0947",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-08-16T00:00:00",
"dateUpdated": "2024-08-08T03:03:49.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1089 (GCVE-0-2002-1089)
Vulnerability from nvd – Published: 2002-08-31 04:00 – Updated: 2024-08-08 03:12
VLAI?
Summary
rwcgi60 CGI program in Oracle Reports Server, by design, provides sensitive information such as the full pathname, which could enable remote attackers to use the information in additional attacks.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:17.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oracle-reports-information-disclosure(9628)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9628.php"
},
{
"name": "5262",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5262"
},
{
"name": "20020717 [AP] Oracle Reports Server Information Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0203.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-07-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "rwcgi60 CGI program in Oracle Reports Server, by design, provides sensitive information such as the full pathname, which could enable remote attackers to use the information in additional attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-06-10T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oracle-reports-information-disclosure(9628)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9628.php"
},
{
"name": "5262",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5262"
},
{
"name": "20020717 [AP] Oracle Reports Server Information Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0203.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1089",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rwcgi60 CGI program in Oracle Reports Server, by design, provides sensitive information such as the full pathname, which could enable remote attackers to use the information in additional attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oracle-reports-information-disclosure(9628)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9628.php"
},
{
"name": "5262",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5262"
},
{
"name": "20020717 [AP] Oracle Reports Server Information Disclosure Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0203.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1089",
"datePublished": "2002-08-31T04:00:00",
"dateReserved": "2002-08-30T00:00:00",
"dateUpdated": "2024-08-08T03:12:17.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2983 (GCVE-0-2005-2983)
Vulnerability from cvelistv5 – Published: 2005-09-19 04:00 – Updated: 2024-08-07 22:53
VLAI?
Summary
SQL injection vulnerability in Oracle Reports that use Lexical References allows remote attackers to execute arbitrary SQL commands via the values in the parameter form that appears when the paramform parameter is set to yes.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:53:30.257Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050914 Oracle Reports: Generic SQL Injection Vulnerability via Lexical References",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037156.html"
},
{
"name": "20050914 Oracle Reports: Generic SQL Injection Vulnerability via Lexical References",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112681849113948\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.red-database-security.com/wp/sql_injection_reports_us.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Oracle Reports that use Lexical References allows remote attackers to execute arbitrary SQL commands via the values in the parameter form that appears when the paramform parameter is set to yes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050914 Oracle Reports: Generic SQL Injection Vulnerability via Lexical References",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037156.html"
},
{
"name": "20050914 Oracle Reports: Generic SQL Injection Vulnerability via Lexical References",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112681849113948\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.red-database-security.com/wp/sql_injection_reports_us.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2983",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Oracle Reports that use Lexical References allows remote attackers to execute arbitrary SQL commands via the values in the parameter form that appears when the paramform parameter is set to yes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050914 Oracle Reports: Generic SQL Injection Vulnerability via Lexical References",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037156.html"
},
{
"name": "20050914 Oracle Reports: Generic SQL Injection Vulnerability via Lexical References",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112681849113948\u0026w=2"
},
{
"name": "http://www.red-database-security.com/wp/sql_injection_reports_us.pdf",
"refsource": "MISC",
"url": "http://www.red-database-security.com/wp/sql_injection_reports_us.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2983",
"datePublished": "2005-09-19T04:00:00",
"dateReserved": "2005-09-19T00:00:00",
"dateUpdated": "2024-08-07T22:53:30.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2378 (GCVE-0-2005-2378)
Vulnerability from cvelistv5 – Published: 2005-07-26 04:00 – Updated: 2024-08-07 22:22
VLAI?
Summary
Directory traversal vulnerability in Oracle Reports allows remote attackers to read arbitrary files via an absolute or relative path to the (1) CUSTOMIZE or (2) desformat parameters to rwservlet. NOTE: vector 2 is probably the same as CVE-2006-0289, and fixed in Jan 2006 CPU.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:22:49.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1014527",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014527"
},
{
"name": "oracle-january2006-update(24321)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
},
{
"name": "20060117 Oracle Reports - Read parts of files via desname (fixed after 874 days)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/422256/30/7430/threaded"
},
{
"name": "1014525",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014525"
},
{
"name": "20050719 Oracle Security Advisory: Read parts of any XML-file via customize parameter in Oracle Reports",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112181242916757\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.red-database-security.com/advisory/oracle_reports_read_any_file.html"
},
{
"name": "18493",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18493"
},
{
"name": "ADV-2006-0323",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"name": "20050719 Oracle Security Advisory: Read parts of any file via desformat in Oracle Reports",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112181054226520\u0026w=2"
},
{
"name": "18608",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18608"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.red-database-security.com/advisory/oracle_reports_read_any_xml_file.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-07-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Oracle Reports allows remote attackers to read arbitrary files via an absolute or relative path to the (1) CUSTOMIZE or (2) desformat parameters to rwservlet. NOTE: vector 2 is probably the same as CVE-2006-0289, and fixed in Jan 2006 CPU."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1014527",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014527"
},
{
"name": "oracle-january2006-update(24321)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
},
{
"name": "20060117 Oracle Reports - Read parts of files via desname (fixed after 874 days)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/422256/30/7430/threaded"
},
{
"name": "1014525",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014525"
},
{
"name": "20050719 Oracle Security Advisory: Read parts of any XML-file via customize parameter in Oracle Reports",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112181242916757\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.red-database-security.com/advisory/oracle_reports_read_any_file.html"
},
{
"name": "18493",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18493"
},
{
"name": "ADV-2006-0323",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"name": "20050719 Oracle Security Advisory: Read parts of any file via desformat in Oracle Reports",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112181054226520\u0026w=2"
},
{
"name": "18608",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18608"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.red-database-security.com/advisory/oracle_reports_read_any_xml_file.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2378",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Oracle Reports allows remote attackers to read arbitrary files via an absolute or relative path to the (1) CUSTOMIZE or (2) desformat parameters to rwservlet. NOTE: vector 2 is probably the same as CVE-2006-0289, and fixed in Jan 2006 CPU."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1014527",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014527"
},
{
"name": "oracle-january2006-update(24321)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
},
{
"name": "20060117 Oracle Reports - Read parts of files via desname (fixed after 874 days)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/422256/30/7430/threaded"
},
{
"name": "1014525",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014525"
},
{
"name": "20050719 Oracle Security Advisory: Read parts of any XML-file via customize parameter in Oracle Reports",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112181242916757\u0026w=2"
},
{
"name": "http://www.red-database-security.com/advisory/oracle_reports_read_any_file.html",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/oracle_reports_read_any_file.html"
},
{
"name": "18493",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18493"
},
{
"name": "ADV-2006-0323",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"name": "20050719 Oracle Security Advisory: Read parts of any file via desformat in Oracle Reports",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112181054226520\u0026w=2"
},
{
"name": "18608",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18608"
},
{
"name": "http://www.red-database-security.com/advisory/oracle_reports_read_any_xml_file.html",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/oracle_reports_read_any_xml_file.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2378",
"datePublished": "2005-07-26T04:00:00",
"dateReserved": "2005-07-26T00:00:00",
"dateUpdated": "2024-08-07T22:22:49.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2379 (GCVE-0-2005-2379)
Vulnerability from cvelistv5 – Published: 2005-07-26 04:00 – Updated: 2024-08-07 22:22
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Oracle Reports 9.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) debug parameter to showenv, (2) test parameter to parsequery, or (3) delimiter or (4) CELLWRAPPER parameter to rwservlet.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:22:49.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050719 Oracle Security Advisory: Various Cross-Site-Scripting Oracle Reports",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112181649831863\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.red-database-security.com/advisory/oracle_reports_various_css.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-07-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Oracle Reports 9.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) debug parameter to showenv, (2) test parameter to parsequery, or (3) delimiter or (4) CELLWRAPPER parameter to rwservlet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050719 Oracle Security Advisory: Various Cross-Site-Scripting Oracle Reports",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112181649831863\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.red-database-security.com/advisory/oracle_reports_various_css.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2379",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Oracle Reports 9.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) debug parameter to showenv, (2) test parameter to parsequery, or (3) delimiter or (4) CELLWRAPPER parameter to rwservlet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050719 Oracle Security Advisory: Various Cross-Site-Scripting Oracle Reports",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112181649831863\u0026w=2"
},
{
"name": "http://www.red-database-security.com/advisory/oracle_reports_various_css.html",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/oracle_reports_various_css.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2379",
"datePublished": "2005-07-26T04:00:00",
"dateReserved": "2005-07-26T00:00:00",
"dateUpdated": "2024-08-07T22:22:49.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2371 (GCVE-0-2005-2371)
Vulnerability from cvelistv5 – Published: 2005-07-26 04:00 – Updated: 2024-08-07 22:22
VLAI?
Summary
Directory traversal vulnerability in Oracle Reports 6.0, 6i, 9i, and 10g allows remote attackers to overwrite arbitrary files via (1) "..", (2) Windows drive letter (C:), and (3) absolute path sequences in the desname parameter. NOTE: this issue was probably fixed by REP06 in CPU Jan 2006, in which case it overlaps CVE-2006-0289.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:22:49.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oracle-january2006-update(24321)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
},
{
"name": "14309",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14309"
},
{
"name": "18493",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18493"
},
{
"name": "ADV-2006-0323",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"name": "20060117 Oracle Reports - Overwrite any application server file via desname (fixed after 889 days)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/422257/30/7430/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.red-database-security.com/advisory/oracle_reports_overwrite_any_file.html"
},
{
"name": "1014524",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014524"
},
{
"name": "20050719 Oracle Security Advisory: Overwrite any file via desname in Oracle Reports",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112180096507467\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"name": "18608",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18608"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-07-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Oracle Reports 6.0, 6i, 9i, and 10g allows remote attackers to overwrite arbitrary files via (1) \"..\", (2) Windows drive letter (C:), and (3) absolute path sequences in the desname parameter. NOTE: this issue was probably fixed by REP06 in CPU Jan 2006, in which case it overlaps CVE-2006-0289."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oracle-january2006-update(24321)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
},
{
"name": "14309",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14309"
},
{
"name": "18493",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18493"
},
{
"name": "ADV-2006-0323",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"name": "20060117 Oracle Reports - Overwrite any application server file via desname (fixed after 889 days)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/422257/30/7430/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.red-database-security.com/advisory/oracle_reports_overwrite_any_file.html"
},
{
"name": "1014524",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014524"
},
{
"name": "20050719 Oracle Security Advisory: Overwrite any file via desname in Oracle Reports",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112180096507467\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"name": "18608",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18608"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2371",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Oracle Reports 6.0, 6i, 9i, and 10g allows remote attackers to overwrite arbitrary files via (1) \"..\", (2) Windows drive letter (C:), and (3) absolute path sequences in the desname parameter. NOTE: this issue was probably fixed by REP06 in CPU Jan 2006, in which case it overlaps CVE-2006-0289."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oracle-january2006-update(24321)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
},
{
"name": "14309",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14309"
},
{
"name": "18493",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18493"
},
{
"name": "ADV-2006-0323",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"name": "20060117 Oracle Reports - Overwrite any application server file via desname (fixed after 889 days)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/422257/30/7430/threaded"
},
{
"name": "http://www.red-database-security.com/advisory/oracle_reports_overwrite_any_file.html",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/oracle_reports_overwrite_any_file.html"
},
{
"name": "1014524",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014524"
},
{
"name": "20050719 Oracle Security Advisory: Overwrite any file via desname in Oracle Reports",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112180096507467\u0026w=2"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"name": "18608",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18608"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2371",
"datePublished": "2005-07-26T04:00:00",
"dateReserved": "2005-07-26T00:00:00",
"dateUpdated": "2024-08-07T22:22:49.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-0947 (GCVE-0-2002-0947)
Vulnerability from cvelistv5 – Published: 2003-04-02 05:00 – Updated: 2024-08-08 03:03
VLAI?
Summary
Buffer overflow in rwcgi60 CGI program for Oracle Reports Server 6.0.8.18.0 and earlier, as used in Oracle9iAS and other products, allows remote attackers to execute arbitrary code via a long database name parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:03:49.321Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oracle-reports-server-bo(9289)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9289.php"
},
{
"name": "VU#997403",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/997403"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://technet.oracle.com/deploy/security/pdf/reports6i_alert.pdf"
},
{
"name": "20020612 Oracle Reports Server Buffer Overflow (#NISR12062002B)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/276524"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nextgenss.com/vna/ora-reports.txt"
},
{
"name": "20020612 [VulnWatch] Oracle Reports Server Buffer Overflow (#NISR12062002B)",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0097.html"
},
{
"name": "4848",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4848"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-05-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in rwcgi60 CGI program for Oracle Reports Server 6.0.8.18.0 and earlier, as used in Oracle9iAS and other products, allows remote attackers to execute arbitrary code via a long database name parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-03-25T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oracle-reports-server-bo(9289)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9289.php"
},
{
"name": "VU#997403",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/997403"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://technet.oracle.com/deploy/security/pdf/reports6i_alert.pdf"
},
{
"name": "20020612 Oracle Reports Server Buffer Overflow (#NISR12062002B)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/276524"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nextgenss.com/vna/ora-reports.txt"
},
{
"name": "20020612 [VulnWatch] Oracle Reports Server Buffer Overflow (#NISR12062002B)",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0097.html"
},
{
"name": "4848",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4848"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0947",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in rwcgi60 CGI program for Oracle Reports Server 6.0.8.18.0 and earlier, as used in Oracle9iAS and other products, allows remote attackers to execute arbitrary code via a long database name parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oracle-reports-server-bo(9289)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9289.php"
},
{
"name": "VU#997403",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/997403"
},
{
"name": "http://technet.oracle.com/deploy/security/pdf/reports6i_alert.pdf",
"refsource": "CONFIRM",
"url": "http://technet.oracle.com/deploy/security/pdf/reports6i_alert.pdf"
},
{
"name": "20020612 Oracle Reports Server Buffer Overflow (#NISR12062002B)",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/276524"
},
{
"name": "http://www.nextgenss.com/vna/ora-reports.txt",
"refsource": "MISC",
"url": "http://www.nextgenss.com/vna/ora-reports.txt"
},
{
"name": "20020612 [VulnWatch] Oracle Reports Server Buffer Overflow (#NISR12062002B)",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0097.html"
},
{
"name": "4848",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4848"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0947",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-08-16T00:00:00",
"dateUpdated": "2024-08-08T03:03:49.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1089 (GCVE-0-2002-1089)
Vulnerability from cvelistv5 – Published: 2002-08-31 04:00 – Updated: 2024-08-08 03:12
VLAI?
Summary
rwcgi60 CGI program in Oracle Reports Server, by design, provides sensitive information such as the full pathname, which could enable remote attackers to use the information in additional attacks.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:17.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oracle-reports-information-disclosure(9628)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9628.php"
},
{
"name": "5262",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5262"
},
{
"name": "20020717 [AP] Oracle Reports Server Information Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0203.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-07-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "rwcgi60 CGI program in Oracle Reports Server, by design, provides sensitive information such as the full pathname, which could enable remote attackers to use the information in additional attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-06-10T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oracle-reports-information-disclosure(9628)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9628.php"
},
{
"name": "5262",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5262"
},
{
"name": "20020717 [AP] Oracle Reports Server Information Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0203.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1089",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rwcgi60 CGI program in Oracle Reports Server, by design, provides sensitive information such as the full pathname, which could enable remote attackers to use the information in additional attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oracle-reports-information-disclosure(9628)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9628.php"
},
{
"name": "5262",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5262"
},
{
"name": "20020717 [AP] Oracle Reports Server Information Disclosure Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0203.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1089",
"datePublished": "2002-08-31T04:00:00",
"dateReserved": "2002-08-30T00:00:00",
"dateUpdated": "2024-08-08T03:12:17.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}