
CVSS: 5.0 | EPSS: 87% | CPEs: 4 | EXPL: 0

Directory traversal vulnerability in Oracle Reports 6.0, 6i, 9i, and 10g allows remote attackers to overwrite arbitrary files via (1) "..", (2) Windows drive letter (C:), and (3) absolute path sequences in the desname parameter. NOTE: this issue was probably fixed by REP06 in CPU Jan 2006, in which case it overlaps CVE-2006-0289.

• http://marc.info/?l=bugtraq&m=112180096507467&w=2
• http://secunia.com/advisories/18493
• http://secunia.com/advisories/18608
• http://securitytracker.com/id?1014524
• http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html
• http://www.red-database-security.com/advisory/oracle_reports_overwrite_any_file.html
• http://www.securityfocus.com/archive/1/422257/30/7430/threaded
• http://www.securityfocus.com/bid/14309
• http://www.vupen.com/english/advisories/2006/0323
• https://exchan
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 5.0 | EPSS: 3% | CPEs: 1 | EXPL: 2

Directory traversal vulnerability in Oracle Reports allows remote attackers to read arbitrary files via an absolute or relative path to the (1) CUSTOMIZE or (2) desformat parameters to rwservlet. NOTE: vector 2 is probably the same as CVE-2006-0289, and fixed in Jan 2006 CPU.

• http://marc.info/?l=bugtraq&m=112181054226520&w=2
• http://marc.info/?l=bugtraq&m=112181242916757&w=2
• http://secunia.com/advisories/18493
• http://secunia.com/advisories/18608
• http://securitytracker.com/id?1014525
• http://securitytracker.com/id?1014527
• http://www.red-database-security.com/advisory/oracle_reports_read_any_file.html
• http://www.red-database-security.com/advisory/oracle_reports_read_any_xml_file.html
• http://www.securityfocus.com/archive/1/422256/30/7430/threaded
• http:
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in Oracle Reports 9.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) debug parameter to showenv, (2) test parameter to parsequery, or (3) delimiter or (4) CELLWRAPPER parameter to rwservlet.

• http://marc.info/?l=bugtraq&m=112181649831863&w=2
• http://www.red-database-security.com/advisory/oracle_reports_various_css.html

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 2

Multiple cross-site scripting (XSS) vulnerabilities in test.jsp in Oracle Reports Server 10g (9.0.4.3.3) allow remote attackers to inject arbitrary web script or HTML via the (1) desname or (2) repprod parameter.

• https://www.exploit-db.com/exploits/25269
• http://marc.info/?l=bugtraq&m=111168323804203&w=2
• http://secunia.com/advisories/17250
• http://www.kb.cert.org/vuls/id/210524
• http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html
• http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html
• http://www.securityfocus.com/bid/12892
• http://www.securityfocus.com/bid/15134
• http://www.us-cert.gov/cas/techalerts/TA05-292A.html

CVSS: 7.5 | EPSS: 7% | CPEs: 2 | EXPL: 0

Buffer overflow in rwcgi60 CGI program for Oracle Reports Server 6.0.8.18.0 and earlier, as used in Oracle9iAS and other products, allows remote attackers to execute arbitrary code via a long database name parameter.

• http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0097.html
• http://online.securityfocus.com/archive/1/276524
• http://technet.oracle.com/deploy/security/pdf/reports6i_alert.pdf
• http://www.iss.net/security_center/static/9289.php
• http://www.kb.cert.org/vuls/id/997403
• http://www.nextgenss.com/vna/ora-reports.txt
• http://www.securityfocus.com/bid/4848