15 matches found
EUVD-2005-3202
Malware in sbrugna...
Oracle HTML DB 1.5/1.6 f?p Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/15031/info Oracle HTML DB is prone to cross-site scripting vulnerabilities. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affecte...
CVE-2007-3860
Unspecified vulnerability in Oracle Application Express (formerly Oracle HTML DB) 2.2.0.00.32 up to 3.0.0.00.20 allows developers to have an unknown impact via unknown attack vectors, aka APEX01. NOTE: a reliable researcher states that this is SQL injection in the wwv_flow_security.check_db_password...
CVE-2007-3860
CVE-2007-3860 affects Oracle Application Express (APEX) versions 2.2.0.00.32 through 3.0.0.00.20. The vulnerability is described as an SQL injection in wwv_flow_security.check_db_password due to insufficient checks for the '"' character. The connected sources indicate this is a SQL injection vuln...
CVE-2006-7158
Oracle Application Express (APEX/HTMLDB) prior to version 2.2.1 is affected by a cross-site scripting (XSS) vulnerability in the NOTIFICATION_MSG parameter in the APEX UI. The issue allows remote attackers to inject arbitrary web script or HTML. The root cause is insufficient input handling for t...
CVE-2006-5351
Oracle Application Express (APEX/HTMLDB) prior to 2.2.1 contains multiple documented issues (APEX01–APEX35) including SQL injection in WWV_FLOW_UTILITIES.gen_popup_list and XSS via NOTIFICATION_MSG and WWV_FLOW_ITEM_HELP. CVEs CVE-2006-7138, CVE-2006-7158, and CVE-2006-5599 describe these vectors...
CVE-2005-3203
The manual installation of Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 stores the SYS password in install.lst in plaintext, which allows local users to gain privileges...
CVE-2005-3202
CVE-2005-3202 affects Oracle HTML DB (HTMLDB) versions 1.3 through 1.3.6. The vulnerability is a cross-site scripting (XSS) flaw that allows remote attackers to inject arbitrary web script or HTML and, via the affected parameters, potentially execute SQL statements. The exploitation targets the (...
CVE-2005-3203
The CVE-2005-3203 entry concerns Oracle HTML DB (HTMLDB) versions 1.3 through 1.3.6. The issue, as described, is that the SYS password is stored in plaintext in install.lst during manual installation, which allows local users to gain privileges. This is a local-privilege escalation risk affecting...
CVE-2005-3202
Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 allow remote attackers to inject arbitrary web script or HTML, and subsequently execute SQL statements via the (1) p or (2) p_t02 parameters...
CVE-2005-3203
The manual installation of Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 stores the SYS password in install.lst in plaintext, which allows local users to gain privileges...
Oracle HTML DB 1.5/1.6 - f?p Cross-Site Scripting
Oracle HTML DB 1.5/1.6 - f?p Cross-Site Scripting source: https://www.securityfocus.com/bid/15031/info Oracle HTML DB is prone to cross-site scripting vulnerabilities. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context...
Oracle HTML DB 1.5/1.6 - 'f?p=' Cross-Site Scripting
source: https://www.securityfocus.com/bid/15031/info Oracle HTML DB is prone to cross-site scripting vulnerabilities. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. An attacker can leverage...
Oracle HTML DB 1.5/1.6 - wwv_flow.accept?p_t02 Cross-Site Scripting
Oracle HTML DB 1.5/1.6 - wwv_flow.accept?p_t02 Cross-Site Scripting source: https://www.securityfocus.com/bid/15031/info Oracle HTML DB is prone to cross-site scripting vulnerabilities. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting use...
Oracle HTML DB 1.5/1.6 - 'wwv_flow.accept?p_t02' Cross-Site Scripting
source: https://www.securityfocus.com/bid/15031/info Oracle HTML DB is prone to cross-site scripting vulnerabilities. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. An attacker can leverage...