CVE-2005-3438
https://notcve.org/view.php?id=CVE-2005-3438
Multiple unspecified vulnerabilities in Oracle Database Server 9i up to 10.1.0.4.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB04 in Change Data Capture; (2) DB06 in Data Guard Logical Standby; (3) DB10 in Locale; (4) DB12 in Materialized Views; (5) DB13 in Objects Extension; (6) DB15 in Oracle Label Security; (7) DB27 in Security, possibly due to a buffer overflow in sys.pbsde.init; and (8) DB28 and (9) DB29 in Workspace Manager.
http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038061.html
http://secunia.com/advisories/17250
http://www.kb.cert.org/vuls/id/210524
http://www.kb.cert.org/vuls/id/449444
http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html
http://www.securityfocus.com/bid/15134
http://www.us-cert.gov/cas/techalerts/TA05-292A.html
CVE-2005-3440
https://notcve.org/view.php?id=CVE-2005-3440
Unspecified vulnerability in Database Scheduler in Oracle Database Server 10g up to 10.1.0.3 has unknown impact and attack vectors, aka Oracle Vuln# DB08.
http://secunia.com/advisories/17250
http://www.kb.cert.org/vuls/id/210524
http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html
http://www.securityfocus.com/bid/15134
http://www.us-cert.gov/cas/techalerts/TA05-292A.html
CVE-2005-3205
https://notcve.org/view.php?id=CVE-2005-3205
Cross-site scripting (XSS) vulnerability in iSQL*Plus (iSQLPlus) in Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to inject arbitrary web script or HTML via script in the "set markup HTML TABLE" command, which is executed when the user selects a table.
http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0172.html
http://marc.info/?l=bugtraq&m=112870489324437&w=2
http://secunia.com/advisories/15991
http://securityreason.com/securityalert/63
http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html
http://www.red-database-security.com/advisory/oracle_isqlplus_css.html
http://www.securityfocus.com/bid/15030
https://exchange.xforce.ibmcloud.com/vulnerabilities/22539
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2005-3206 – Oracle 9.0 iSQL*Plus - TLS Listener Remote Denial of Service
https://notcve.org/view.php?id=CVE-2005-3206
iSQL*Plus (isqlplus) for Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to cause a denial of service (TNS listener stop) via an HTTP request with an sid parameter that contains a STOP command.
https://www.exploit-db.com/exploits/26331
http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0176.html
http://marc.info/?l=bugtraq&m=112870589127719&w=2
http://secunia.com/advisories/15991
http://securityreason.com/securityalert/64
http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html
http://www.osvdb.org/20056
http://www.red-database-security.com/advisory/oracle_isqlplus_shutdown.html
http://www.securityfocus.com/bid/15032
https://exchange.xforce.ibmcloud.
CVE-2005-1197
https://notcve.org/view.php?id=CVE-2005-1197
SQL injection vulnerability in the SYS.DBMS_CDC_IPUBLISH.CREATE_SCN_CHANGE_SET procedure in Oracle Database Server 10g allows remote attackers to execute arbitrary SQL commands via the CHANGE_SET_NAME parameter.
http://marc.info/?l=bugtraq&m=111385690419118&w=2
http://www.kb.cert.org/vuls/id/948486
http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf
http://www.us-cert.gov/cas/techalerts/TA05-117A.html