2 matches found
CVE-2005-3202
CVE-2005-3202 affects Oracle HTML DB (HTMLDB) versions 1.3 through 1.3.6. The vulnerability is a cross-site scripting (XSS) flaw that allows remote attackers to inject arbitrary web script or HTML and, via the affected parameters, potentially execute SQL statements. The exploitation targets the (...
CVE-2005-3203
The CVE-2005-3203 entry concerns Oracle HTML DB (HTMLDB) versions 1.3 through 1.3.6. The issue, as described, is that the SYS password is stored in plaintext in install.lst during manual installation, which allows local users to gain privileges. This is a local-privilege escalation risk affecting...