CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2005-1197
https://notcve.org/view.php?id=CVE-2005-1197
SQL injection vulnerability in the SYS.DBMS_CDC_IPUBLISH.CREATE_SCN_CHANGE_SET procedure in Oracle Database Server 10g allows remote attackers to execute arbitrary SQL commands via the CHANGE_SET_NAME parameter. • http://marc.info/?l=bugtraq&m=111385690419118&w=2 http://www.kb.cert.org/vuls/id/948486 http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf http://www.us-cert.gov/cas/techalerts/TA05-117A.html •
CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 0CVE-2005-0298
https://notcve.org/view.php?id=CVE-2005-0298
The DIRECTORY objects in Oracle 8i through Oracle 10g contain the location of a specific operating system directory, which allows users with read privileges to a DIRECTORY object to obtain sensitive information. • http://marc.info/?l=bugtraq&m=110608912525883&w=2 http://www.oracle.com/technology/deploy/security/pdf/cpu-jan-2005_advisory.pdf http://www.petefinnigan.com/directory_traversal.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/18947 •