CVE-2005-3438
https://notcve.org/view.php?id=CVE-2005-3438
Multiple unspecified vulnerabilities in Oracle Database Server 9i up to 10.1.0.4.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB04 in Change Data Capture; (2) DB06 in Data Guard Logical Standby; (3) DB10 in Locale; (4) DB12 in Materialized Views; (5) DB13 in Objects Extension; (6) DB15 in Oracle Label Security; (7) DB27 in Security, possibly due to a buffer overflow in sys.pbsde.init; and (8) DB28 and (9) DB29 in Workspace Manager. • http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038061.html http://secunia.com/advisories/17250 http://www.kb.cert.org/vuls/id/210524 http://www.kb.cert.org/vuls/id/449444 http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html http://www.securityfocus.com/bid/15134 http://www.us-cert.gov/cas/techalerts/TA05-292A.html •
CVE-2005-0298
https://notcve.org/view.php?id=CVE-2005-0298
The DIRECTORY objects in Oracle 8i through Oracle 10g contain the location of a specific operating system directory, which allows users with read privileges to a DIRECTORY object to obtain sensitive information. • http://marc.info/?l=bugtraq&m=110608912525883&w=2 http://www.oracle.com/technology/deploy/security/pdf/cpu-jan-2005_advisory.pdf http://www.petefinnigan.com/directory_traversal.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/18947 •
CVE-2004-1338
https://notcve.org/view.php?id=CVE-2004-1338
The triggers in Oracle 9i and 10g allow local users to gain privileges by using a sequence of partially privileged actions: using CCBKAPPLROWTRIG or EXEC_CBK_FN_DML to add arbitrary functions to the SDO_CMT_DBK_FN_TABLE and SDO_CMT_CBK_DML_TABLE, then performing a DELETE on the SDO_TXN_IDX_INSERTS table, which causes the SDO_CMT_CBK_TRIG trigger to execute the user-supplied functions. • http://marc.info/?l=bugtraq&m=110382230614420&w=2 http://www.ngssoftware.com/advisories/oracle23122004I.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/18655 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2004-1339
https://notcve.org/view.php?id=CVE-2004-1339
SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1 and (2) MDSYS.SDO_LRS_TRIG_INS default triggers in Oracle 9i and 10g allows remote attackers to execute arbitrary SQL commands via the new.table_name or new.column_name parameters. • http://marc.info/?l=bugtraq&m=110382230614420&w=2 http://www.ngssoftware.com/advisories/oracle23122004I.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/18655 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2004-1363
https://notcve.org/view.php?id=CVE-2004-1363
Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed. • http://marc.info/?l=bugtraq&m=110382345829397&w=2 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1 http://www.kb.cert.org/vuls/id/316206 http://www.ngssoftware.com/advisories/oracle23122004.txt http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf http://www.securityfocus.com/bid/10871 http://www.us-cert.gov/cas/techalerts/TA04-245A.html https://exchange.xforce.ibmcloud.com/vulnerabilities/18659 • CWE-131: Incorrect Calculation of Buffer Size •