SECURITYVULNS:VULN:4707 (securityvulns, BUGTRAQ)
Dec 23, 2006 - 12:00 a.m.

Multiple Oracle application server vulnerabilities


SQL injections, DoS, data modification, cross-site scripting, privilege escalation, audit settings modification. The password is passed from JDeveloper to SQLPlus in cleartext. The JDeveloper password is stored in cleartext in different XML configuration files. The cleartext FormBuilder password is stored in temporary files. Weak permissions for temporary files. Reading and writing any file with Oracle Reports. Command execution with Oracle Forms and Oracle Reports. There is also a large number of different old and new bugs; many have not been fixed for years. This makes it useless to talk about Oracle security. Use 3rd party products to protect your Oracle environment.
