6 matches found
CVE-2002-1089
CVE-2002-1089 affects rwcgi60, the CGI used with Oracle Reports Server. The flaw is an information disclosure: the program can reveal sensitive data (the full pathname), which an attacker could leverage for further attacks. Connected documents (Nessus plugin) confirm rwcgi60 exposure as part of O...
CVE-2002-0947
CVE-2002-0947 describes a buffer overflow in the rwcgi60 CGI program used by Oracle Reports Server 6.0.8.18.0 and earlier (Oracle9iAS and other products). The vulnerability allows a remote attacker to execute arbitrary code via a long database name parameter. The Oracle RWCGI60 component handles ...
CVE-2005-2378
Oracle Reports (a component of Oracle Application Server) is affected by CVE-2005-2378 through a directory traversal in the rwservlet when the desformat parameter (or related URI parameters) is crafted with absolute/relative file paths. This allows reading arbitrary files on the Reports Server. T...
CVE-2005-2371
Directory traversal vulnerability in Oracle Reports Services (Oracle Application Server) allows remote attackers to overwrite arbitrary files via the desname parameter (e.g., using .., Windows drive letters, or absolute paths). Affected: Oracle Reports 6.0, 6i, 9i, 10g. Root cause: insufficient v...
CVE-2005-2983
CVE-2005-2983 describes an SQL injection vulnerability in Oracle Reports that use Lexical References. The vulnerability arises when the paramform parameter is set to yes, allowing remote attackers to manipulate values in the parameter form and execute arbitrary SQL commands. The issue is document...
CVE-2005-2379
Oracle Reports 9.0.2 is affected by multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML. The weaknesses are triggered via specific parameters: (1) debug in showenv, (2) test in parsequery, or (3) delimiter, and (4) CELLWRAPPER in ...