Lucene search
K
OracleReports

6 matches found

CVE
CVE
added 2002/08/31 4:0 a.m.61 views

CVE-2002-1089

CVE-2002-1089 affects rwcgi60, the CGI used with Oracle Reports Server. The flaw is an information disclosure: the program can reveal sensitive data (the full pathname), which an attacker could leverage for further attacks. Connected documents (Nessus plugin) confirm rwcgi60 exposure as part of O...

5CVSS8.7AI score0.05449EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.57 views

CVE-2002-0947

CVE-2002-0947 describes a buffer overflow in the rwcgi60 CGI program used by Oracle Reports Server 6.0.8.18.0 and earlier (Oracle9iAS and other products). The vulnerability allows a remote attacker to execute arbitrary code via a long database name parameter. The Oracle RWCGI60 component handles ...

7.5CVSS9.6AI score0.09542EPSS
CVE
CVE
added 2005/07/26 4:0 a.m.50 views

CVE-2005-2378

Oracle Reports (a component of Oracle Application Server) is affected by CVE-2005-2378 through a directory traversal in the rwservlet when the desformat parameter (or related URI parameters) is crafted with absolute/relative file paths. This allows reading arbitrary files on the Reports Server. T...

5CVSS6.2AI score0.09108EPSS
CVE
CVE
added 2005/07/26 4:0 a.m.49 views

CVE-2005-2371

Directory traversal vulnerability in Oracle Reports Services (Oracle Application Server) allows remote attackers to overwrite arbitrary files via the desname parameter (e.g., using .., Windows drive letters, or absolute paths). Affected: Oracle Reports 6.0, 6i, 9i, 10g. Root cause: insufficient v...

5CVSS6.2AI score0.22288EPSS
CVE
CVE
added 2005/09/19 4:0 a.m.44 views

CVE-2005-2983

CVE-2005-2983 describes an SQL injection vulnerability in Oracle Reports that use Lexical References. The vulnerability arises when the paramform parameter is set to yes, allowing remote attackers to manipulate values in the parameter form and execute arbitrary SQL commands. The issue is document...

7.5CVSS8.2AI score0.02179EPSS
CVE
CVE
added 2005/07/26 4:0 a.m.41 views

CVE-2005-2379

Oracle Reports 9.0.2 is affected by multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML. The weaknesses are triggered via specific parameters: (1) debug in showenv, (2) test in parsequery, or (3) delimiter, and (4) CELLWRAPPER in ...

4.3CVSS5.7AI score0.03569EPSS