8173 matches found
CVE-2005-2517
Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL formatted page to the next page that is browsed by the user, which causes form data to be sent to the wrong site...
CVE-2005-2372
Oracle Forms 4.5 through 10g starts form executables from arbitrary directories and executes them as the Oracle or System user, which allows attackers to execute arbitrary code by uploading a malicious .fmx file and referencing it using an absolute pathname argument in the (1) form or (2) module...
CVE-2005-2372
CVE-2005-2372 affects Oracle Forms 4.5–10g, where Form executables (.FMX) can be loaded from arbitrary directories and executed with the privileges of the Oracle/System user. An attacker can upload a malicious FMX and reference it via an absolute path in either the (1) form or (2) module paramete...
Run any OS Command via unauthorized Oracle Forms
Name: Run any OS Command via unauthorized Oracle Forms; Systems Affected: Oracle Web Forms 4.5, 5.0, 6.0, 6i, 9i, 10g; Severity: High Risk; Category: OS command execution; Vendor URL: http://www.oracle.com; Author: Alexander Kornbrust (ak at red-database-security.com); Date: 18 July 2005, V 1.00; Advisory...
Oracle Forms 6i/9i/4.5.10/5.0/6.0.8/10g Services - Unauthorized Form Execution
source: https://www.securityfocus.com/bid/14319/info Oracle Forms Services is susceptible to an unauthorized form execution vulnerability. Attackers may exploit this vulnerability to execute arbitrary commands with the...
Oracle Forms 6i/9i/4.5.10/5.0/6.0.8/10g Services - Unauthorized Form Execution
source: https://www.securityfocus.com/bid/14319/info Oracle Forms Services is susceptible to an unauthorized form execution vulnerability. Attackers may exploit this vulnerability to execute arbitrary commands with the privileges of the Oracle account under which the server is executing. It shoul...
CVE-2005-2294
Oracle Forms 4.5, 6.0, 6i, and 9i on Unix, when a large number of records are retrieved by an Oracle form, stores a copy of the database tables in a world-readable temporary file, which allows local users to gain sensitive information such as credit card numbers...
CVE-2005-2294
Affected software: Oracle Forms on Unix (versions 4.5, 6.0, 6i, 9i). Vulnerability: when a large number of records are retrieved by an Oracle form, a copy of the database tables is stored in a world-readable temporary file. Root cause: insecure temporary file handling enabling a local user to rea...
PT-2005-3221 · Oracle · Oracle Forms
Name of the Vulnerable Software and Affected Versions: Oracle Forms versions 9.0.4 Description: The issue allows local users to obtain sensitive database information because database usernames and passwords are stored in a temporary file that is not properly deleted after use. Recommendations: Fo...
Oracle Forms Builder Password in Temp Files
Name: Oracle Forms Builder Password in Temp Files; Systems Affected: Oracle Formsbuilder 9.0.4; Severity: Low Risk; Category: Information disclosure of passwords; Vendor URL: http://www.oracle.com; Author: Alexander Kornbrust (ak at red-database-security.com); Date: 12 July 2005, V 1.00; Advisory: AKSEC2003-006...
Oracle Forms Insecure Temporary File Handling
Name: Oracle Forms Insecure Temporary File Handling; Systems Affected: Oracle Forms 4.5, 6.0, 6i, 9i; Severity: Medium Risk; Category: Information disclosure; Vendor URL: http://www.oracle.com; Author: Alexander Kornbrust (ak at red-database-security.com); Date: 13 July 2005, V 1.00; Advisory: AKSEC2003-006 Oracle...
CVE-2004-2144
Baal Smart Forms before 3.2 allows remote attackers to bypass authentication and obtain system access via a direct request to regadmin.php...
CVE-2004-2144
Baal Smart Forms pre-3.2 allows remote attackers to bypass authentication and gain system access via a direct request to regadmin.php. The issue is documented across multiple sources (CVE listing and PT Security advisory) and affects versions prior to 3.2. Remediation recommended: upgrade to Baal...
CVE-2004-1874
Multiple cross-site scripting (XSS) vulnerabilities in (1) deliver.asp and (2) billing.asp in A-CART Pro and A-CART 2.0 allow remote attackers to inject arbitrary web script or HTML via the user information forms...
CVE-2005-1178
SQL injection vulnerability in Oracle Forms 10g allows remote attackers to execute arbitrary SQL commands via the Query/Where feature...
CVE-2005-1178
The CVE-2005-1178 entry describes an SQL injection vulnerability in Oracle Forms 10g. The vulnerability allows remote attackers to execute arbitrary SQL commands via the Query/Where feature, indicating an injectable input path in the application’s query-building mechanism. According to the NVD en...
Oracle Forms SQL injection
Form request data is not validated...