4 matches found
CVE-2005-2294
Affected software: Oracle Forms on Unix (versions 4.5, 6.0, 6i, 9i). Vulnerability: when a large number of records are retrieved by an Oracle form, a copy of the database tables is stored in a world-readable temporary file. Root cause: insecure temporary file handling enabling a local user to rea...
CVE-2005-1178
The CVE-2005-1178 entry describes an SQL injection vulnerability in Oracle Forms 10g. The vulnerability allows remote attackers to execute arbitrary SQL commands via the Query/Where feature, indicating an injectable input path in the application’s query-building mechanism. According to the NVD en...
CVE-2005-3207
The CVE-2005-3207 item concerns Oracle Forms 4.5.10.22, where the forms servlet (f90servlet) can be abused by a userid parameter containing a STOP command to remotely cause a denial of service (TNS listener stop). The connected Nessus/NASL entry for the October 2005 CPU references multiple Oracle...
CVE-2005-2372
CVE-2005-2372 affects Oracle Forms 4.5–10g, where Form executables (.FMX) can be loaded from arbitrary directories and executed with the privileges of the Oracle/System user. An attacker can upload a malicious FMX and reference it via an absolute path in either the (1) form or (2) module paramete...