6 matches found
CVE-2004-1707
Oracle 8i/9i and IAS 9.0.2.0.1 on Unix are affected by CVE-2004-1707 due to the dbsnmp and nmo programs. They search a default library path and execute libraries with elevated privileges, enabling certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0. No additional ...
CVE-2008-2138
Oracle Application Server Portal 10g is affected by an authentication bypass vulnerability (CVE-2008-2138) where an unauthenticated attacker can read files under /dav_portal/portal by sending a crafted GET request containing a trailing %0A and then reusing the session ID generated from that reque...
CVE-2003-1193
CVE-2003-1193 corresponds to SQL injection vulnerabilities in Oracle9i Application Server Portal DB components (LOVs, Forms, Hierarchy, XML) across versions 9.0.2.00–3.0.9.8.5. The OpenVAS/Nessus evidence references show a related Portal_DEMO.ORG_CHART exposure accessible through mod_plsql, which...
CVE-2007-1506
The CVE-2007-1506 entry describes a Cross‑site Scripting (XSS) vulnerability in Oracle Portal 10g, specifically in PORTAL.wwv_main.render_warning_screen, exploitable by supplying crafted values in the p_oldurl and p_newurl parameters. The affected software is Oracle Portal 10g; the underlying iss...
CVE-2006-6697
CVE-2006-6697 describes a CRLF injection in Oracle Portal 10g and earlier (including 9.0.2) via webapp/jsp/calendar.jsp where an attacker can inject arbitrary HTTP headers and trigger HTTP response splitting by manipulating the enc parameter. Related entries note that CVE-2006-6699’s calendar.jsp...
CVE-2006-6699
CVE-2006-6699 describes multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 (and possibly other versions) that allow remote attackers to inject arbitrary HTTP headers and perform HTTP response splitting via CRLF sequences in the enc parameter to calendarDialog.jsp or fred.jsp. The cale...