10 matches found
CVE-2006-7138
SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in the WWV_FLOW_UTILITIES package for Oracle APEX/HTMLDB before 2.2 allows remote authenticated users to execute arbitrary SQL by modifying the P_LOV parameter and calculating a matching MD5 checksum for the P_LOV_CHECKSUM parameter. NOTE: i...
CVE-2006-7138
SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in the WWV_FLOW_UTILITIES package for Oracle APEX/HTMLDB before 2.2 allows remote authenticated users to execute arbitrary SQL by modifying the P_LOV parameter and calculating a matching MD5 checksum for the P_LOV_CHECKSUM parameter. NOTE: i...
CVE-2006-7138
CVE-2006-7138 affects Oracle Application Express/HTMLDB (APEX) prior to 2.2. The issue is an SQL injection in WWV_FLOW_UTILITIES.gen_popup_list inside the WWV_FLOW_UTILITIES package, enabling remote authenticated users to alter P_LOV and calculate a matching MD5 checksum for P_LOV_CHECKSUM to exe...
Cross-Site-Scripting Vulnerability in Oracle APEX WWV_FLOW_ITEM_HELP
Name Cross-Site-Scripting Vulnerability in Oracle APEX WWV_FLOW_ITEM_HELP Systems Affected Oracle APEX/HTMLDB Severity Medium Risk Category Cross Site Scripting XSS/CSS Vendor URL http://www.oracle.com/ Author Alexander Kornbrust ak at red-database-security.com Date 18 October 2006 V 1.00 Advisory...
Cross-Site-Scripting Vulnerability in Oracle APEX NOTIFICATION_MSG
Cross-Site-Scripting Vulnerability in Oracle APEX NOTIFICATION_MSG Name Cross-Site-Scripting Vulnerability in Oracle APEX NOTIFICATION_MSG Systems Affected Oracle APEX/HTMLDB Severity Medium Risk Category Cross Site Scripting XSS/CSS Vendor URL http://www.oracle.com/ Author Alexander Kornbrust ak...
CVE-2005-3202
CVE-2005-3202 affects Oracle HTML DB (HTMLDB) versions 1.3 through 1.3.6. The vulnerability is a cross-site scripting (XSS) flaw that allows remote attackers to inject arbitrary web script or HTML and, via the affected parameters, potentially execute SQL statements. The exploitation targets the (...
CVE-2005-3203
The CVE-2005-3203 entry concerns Oracle HTML DB (HTMLDB) versions 1.3 through 1.3.6. The issue, as described, is that the SYS password is stored in plaintext in install.lst during manual installation, which allows local users to gain privileges. This is a local-privilege escalation risk affecting...
oracle_htmldb_css.txt
Cross-Site-Scripting Vulnerabilities in Oracle HTMLDB Name Cross-Site-Scripting Vulnerabilities in Oracle HTMLDB Systems Affected Oracle HTMLDB Severity Medium Risk Category Cross Site Scripting CSS/XSS Vendor URL http://www.oracle.com This advisory...
[Full-disclosure] Plaintext Password Vulnerability during Installation of Oracle HTMLDB
Plaintext Password Vulnerability during Installation of Oracle HTMLDB Name Cross-Site-Scripting Vulnerabilities in Oracle XMLDB Systems Affected Oracle HTMLDB Severity Low Risk Category Plaintext Password of SYS is logged during Installation of HTMLDB Vendor URL http://www.oracle.com This adviso...
[Full-disclosure] Cross-Site-Scripting Vulnerabilities in Oracle HTMLDB
Cross-Site-Scripting Vulnerabilities in Oracle HTMLDB Name Cross-Site-Scripting Vulnerabilities in Oracle HTMLDB Systems Affected Oracle HTMLDB Severity Medium Risk Category Cross Site Scripting CSS/XSS Vendor URL http://www.oracle.com This advisory...