5 matches found
CVE-2019-2886
The CVE-2019-2886 entry concerns Oracle Forms (component: Services) within Oracle Fusion Middleware, affected version 12.2.1.3.0. The vulnerability is described as easily exploitable with network access via HTTP, allowing an unauthenticated attacker to compromise Oracle Forms, with successful att...
CVE-2005-2294
Affected software: Oracle Forms on Unix (versions 4.5, 6.0, 6i, 9i). Vulnerability: when a large number of records are retrieved by an Oracle form, a copy of the database tables is stored in a world-readable temporary file. Root cause: insecure temporary file handling enabling a local user to rea...
CVE-2005-1178
The CVE-2005-1178 entry describes an SQL injection vulnerability in Oracle Forms 10g. The vulnerability allows remote attackers to execute arbitrary SQL commands via the Query/Where feature, indicating an injectable input path in the application’s query-building mechanism. According to the NVD en...
CVE-2005-3207
The CVE-2005-3207 item concerns Oracle Forms 4.5.10.22, where the forms servlet (f90servlet) can be abused by a userid parameter containing a STOP command to remotely cause a denial of service (TNS listener stop). The connected Nessus/NASL entry for the October 2005 CPU references multiple Oracle...
CVE-2005-2372
CVE-2005-2372 affects Oracle Forms 4.5–10g, where Form executables (.FMX) can be loaded from arbitrary directories and executed with the privileges of the Oracle/System user. An attacker can upload a malicious FMX and reference it via an absolute path in either the (1) form or (2) module paramete...