Page 34 of 192 results (0.016 seconds)

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

Unspecified vulnerability in Database Scheduler in Oracle Database Server 10g up to 10.1.0.3 has unknown impact and attack vectors, aka Oracle Vuln# DB08. • http://secunia.com/advisories/17250 http://www.kb.cert.org/vuls/id/210524 http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html http://www.securityfocus.com/bid/15134 http://www.us-cert.gov/cas/techalerts/TA05-292A.html •

CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in iSQL*Plus (iSQLPlus) in Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to inject arbitrary web script or HTML via script in the "set markup HTML TABLE" command, which is executed when the user selects a table. • http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0172.html http://marc.info/?l=bugtraq&m=112870489324437&w=2 http://secunia.com/advisories/15991 http://securityreason.com/securityalert/63 http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html http://www.red-database-security.com/advisory/oracle_isqlplus_css.html http://www.securityfocus.com/bid/15030 https://exchange.xforce.ibmcloud.com/vulnerabilities/22539 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 4%CPEs: 1EXPL: 4

iSQL*Plus (isqlplus) for Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to cause a denial of service (TNS listener stop) via an HTTP request with an sid parameter that contains a STOP command. • https://www.exploit-db.com/exploits/26331 http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0176.html http://marc.info/?l=bugtraq&m=112870589127719&w=2 http://secunia.com/advisories/15991 http://securityreason.com/securityalert/64 http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html http://www.osvdb.org/20056 http://www.red-database-security.com/advisory/oracle_isqlplus_shutdown.html http://www.securityfocus.com/bid/15032 https://exchange.xforce.ibmcloud. •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

SQL injection vulnerability in the SYS.DBMS_CDC_IPUBLISH.CREATE_SCN_CHANGE_SET procedure in Oracle Database Server 10g allows remote attackers to execute arbitrary SQL commands via the CHANGE_SET_NAME parameter. • http://marc.info/?l=bugtraq&m=111385690419118&w=2 http://www.kb.cert.org/vuls/id/948486 http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf http://www.us-cert.gov/cas/techalerts/TA05-117A.html •

CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 0

The DIRECTORY objects in Oracle 8i through Oracle 10g contain the location of a specific operating system directory, which allows users with read privileges to a DIRECTORY object to obtain sensitive information. • http://marc.info/?l=bugtraq&m=110608912525883&w=2 http://www.oracle.com/technology/deploy/security/pdf/cpu-jan-2005_advisory.pdf http://www.petefinnigan.com/directory_traversal.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/18947 •