CVSS: 4.3EPSS: 6%CPEs: 53EXPL: 2CVE-2005-3204 – Oracle 9 - XML DB Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-3204
Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP request. • https://www.exploit-db.com/exploits/26332 http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0177.html http://marc.info/?l=bugtraq&m=112870541502542&w=2 http://secunia.com/advisories/15991 http://securityreason.com/securityalert/66 http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html http://www.osvdb.org/20054 http://www.red-database-security.com/advisory/oracle_xmldb_css.html http://www.securityfocus.com/bid/15034 https://exchange.xforce.ibmcloud.com/ •
CVSS: 4.3EPSS: 40%CPEs: 1EXPL: 1CVE-2005-2093
https://notcve.org/view.php?id=CVE-2005-2093
Oracle 9i Application Server (Oracle9iAS) 9.0.2 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Application Server to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." • http://seclists.org/lists/bugtraq/2005/Jun/0025.html http://www.securiteam.com/securityreviews/5GP0220G0U.html http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/42902 •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 1CVE-2005-1495
https://notcve.org/view.php?id=CVE-2005-1495
Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the SYS user executes a SELECT statement on an FGA object, which makes it easier for attackers to escape detection. • http://marc.info/?l=bugtraq&m=111531683824209&w=2 http://www.kb.cert.org/vuls/id/777773 http://www.red-database-security.com/advisory/oracle-fine-grained-auditing-issue.html http://www.securityfocus.com/bid/16258 https://exchange.xforce.ibmcloud.com/vulnerabilities/20407 •
CVSS: 4.6EPSS: 42%CPEs: 12EXPL: 2CVE-2005-1496
https://notcve.org/view.php?id=CVE-2005-1496
The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE JOB privileges to gain additional privileges by changing SESSION_USER to the SYS user. • http://marc.info/?l=bugtraq&m=111531740305049&w=2 http://www.red-database-security.com/exploits/oracle_exploit_dbms_scheduler_select_user.html http://www.securityfocus.com/bid/13509 https://exchange.xforce.ibmcloud.com/vulnerabilities/20410 •
CVSS: 7.5EPSS: 94%CPEs: 4EXPL: 4CVE-2005-1383 – Oracle Application Server 9.0 - HTTP Service Mod_Access Restriction Bypass
https://notcve.org/view.php?id=CVE-2005-1383
The OHS component 1.0.2 through 10.x, when UseWebcacheIP is disabled, in Oracle Application Server allows remote attackers to bypass HTTP Server mod_access restrictions via a request to the webcache TCP port 7778. • https://www.exploit-db.com/exploits/25559 http://marc.info/?l=bugtraq&m=111472266123952&w=2 http://secunia.com/advisories/15143 http://www.osvdb.org/15908 http://www.red-database-security.com/advisory/oracle_webcache_bypass.html http://www.securityfocus.com/bid/13418 https://exchange.xforce.ibmcloud.com/vulnerabilities/20311 •