iSQL*Plus
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2005-3206 | 0.05 | — | 0.22 | Oct 14, 2005 | iSQL*Plus (isqlplus) for Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to cause a denial of service (TNS listener stop) via an HTTP request with an sid parameter that contains a STOP command. | |||
| CVE-2002-1264 | 0.01 | — | 0.08 | Nov 12, 2002 | Buffer overflow in Oracle iSQL*Plus web application of the Oracle 9 database server allows remote attackers to execute arbitrary code via a long USERID parameter in the isqlplus URL. | |||
| CVE-2005-3205 | 0.00 | — | 0.02 | Oct 14, 2005 | Cross-site scripting (XSS) vulnerability in iSQL*Plus (iSQLPlus) in Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to inject arbitrary web script or HTML via script in the "set markup HTML TABLE" command, which is executed when the user selects a table. | |||
| CVE-2004-1368 | 0.00 | — | 0.06 | Aug 4, 2004 | ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script. |
- CVE-2005-3206Oct 14, 2005risk 0.05cvss —epss 0.22
iSQL*Plus (isqlplus) for Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to cause a denial of service (TNS listener stop) via an HTTP request with an sid parameter that contains a STOP command.
- CVE-2002-1264Nov 12, 2002risk 0.01cvss —epss 0.08
Buffer overflow in Oracle iSQL*Plus web application of the Oracle 9 database server allows remote attackers to execute arbitrary code via a long USERID parameter in the isqlplus URL.
- CVE-2005-3205Oct 14, 2005risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in iSQL*Plus (iSQLPlus) in Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to inject arbitrary web script or HTML via script in the "set markup HTML TABLE" command, which is executed when the user selects a table.
- CVE-2004-1368Aug 4, 2004risk 0.00cvss —epss 0.06
ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script.