CVE-2006-1705
https://notcve.org/view.php?id=CVE-2006-1705
Oracle Database 9.2.0.0 to 10.2.0.3 allows local users with "SELECT" privileges for a base table to insert, update, or delete data by creating a crafted view then performing the operations on that view. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/044990.html http://secunia.com/advisories/19574 http://securitytracker.com/id?1015886 http://www.kb.cert.org/vuls/id/805737 http://www.red-database-security.com/advisory/oracle_modify_data_via_views.html http://www.securityfocus.com/archive/1/430434/100/0/threaded http://www.securityfocus.com/bid/17426 http://www.vupen.com/english/advisories/2006/1297 https://exchange.xforce.ibmcloud.com/vulnerabilities/25696 •
CVE-2005-3641
https://notcve.org/view.php?id=CVE-2005-3641
Oracle Databases running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication by supplying a valid username. • http://www.ngssoftware.com/papers/database-on-xp.pdf http://www.securityfocus.com/bid/15450 •
CVE-2005-3204 – Oracle 9 - XML DB Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-3204
Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP request. • https://www.exploit-db.com/exploits/26332 http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0177.html http://marc.info/?l=bugtraq&m=112870541502542&w=2 http://secunia.com/advisories/15991 http://securityreason.com/securityalert/66 http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html http://www.osvdb.org/20054 http://www.red-database-security.com/advisory/oracle_xmldb_css.html http://www.securityfocus.com/bid/15034 https://exchange.xforce.ibmcloud.com/ •
CVE-2005-1495
https://notcve.org/view.php?id=CVE-2005-1495
Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the SYS user executes a SELECT statement on an FGA object, which makes it easier for attackers to escape detection. • http://marc.info/?l=bugtraq&m=111531683824209&w=2 http://www.kb.cert.org/vuls/id/777773 http://www.red-database-security.com/advisory/oracle-fine-grained-auditing-issue.html http://www.securityfocus.com/bid/16258 https://exchange.xforce.ibmcloud.com/vulnerabilities/20407 •
CVE-2004-1338
https://notcve.org/view.php?id=CVE-2004-1338
The triggers in Oracle 9i and 10g allow local users to gain privileges by using a sequence of partially privileged actions: using CCBKAPPLROWTRIG or EXEC_CBK_FN_DML to add arbitrary functions to the SDO_CMT_DBK_FN_TABLE and SDO_CMT_CBK_DML_TABLE, then performing a DELETE on the SDO_TXN_IDX_INSERTS table, which causes the SDO_CMT_CBK_TRIG trigger to execute the user-supplied functions. • http://marc.info/?l=bugtraq&m=110382230614420&w=2 http://www.ngssoftware.com/advisories/oracle23122004I.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/18655 • CWE-264: Permissions, Privileges, and Access Controls •