Vendor CVEs
Oracle Corporation
All CVEs
10,082 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2006-0279 | 0.00 | — | 0.04 | Jan 18, 2006 | Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 4.3 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) APPS13 and (2) APPS14 in the Oracle iLearning component. | |||
| CVE-2006-0291 | 0.00 | — | 0.05 | Jan 18, 2006 | Multiple unspecified vulnerabilities in Oracle Database Server 10.2.0.1, Application Server 9.0.4.2 and 10.1.2.1, Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i), and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by… | |||
| CVE-2006-0276 | 0.00 | — | 0.05 | Jan 18, 2006 | Multiple unspecified vulnerabilities in Oracle Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i) have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) OCS01, 2) OCS02, 3) OCS03, 4) OCS04, 5) OCS05, 6) OCS06, 7) OCS07, (8) OCS08, and (9) OCS09 in… | |||
| CVE-2006-0285 | 0.00 | — | 0.05 | Jan 18, 2006 | Unspecified vulnerability in the Java Net component of Oracle Database Server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, and 10.1.0.4, and Application Server 1.0.2.2, 9.0.4.2, and 10.1.2.0.2, has unspecified impact and attack vectors, as identified by Oracle Vuln# JN01. | |||
| CVE-2006-0273 | 0.00 | — | 0.05 | Jan 18, 2006 | Unspecified vulnerability in the Portal component of Oracle Application Server 9.0.4.2 and 10.1.2.0 has unspecified impact and attack vectors, as identified by Oracle Vuln# AS01. | |||
| CVE-2006-0260 | 0.00 | — | 0.05 | Jan 18, 2006 | Multiple unspecified vulnerabilities in Oracle Database server 9.2.0.7 and 10.1.0.5 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB05 in the (a) Data Pump component; (2) DB15 in the (b) Oracle Text component; (3) DB22 in the (c) Streams Apply… | |||
| CVE-2006-0277 | 0.00 | — | 0.04 | Jan 18, 2006 | Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) APPS01 in the (a) Application Install component; (2) APPS07 in the (b) Oracle Applications Framework component;… | |||
| CVE-2006-0266 | 0.00 | — | 0.03 | Jan 18, 2006 | Unspecified vulnerability in the Query Optimizer component of Oracle Database server 9.0.1.5, 9.2.0.7, and 10.1.0.5 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB19. | |||
| CVE-2006-0258 | 0.00 | — | 0.05 | Jan 18, 2006 | Unspecified vulnerability in the Connection Manager component of Oracle Database server 8.1.7.4 and 9.0.1.5 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB03. | |||
| CVE-2006-0281 | 0.00 | — | 0.04 | Jan 18, 2006 | Unspecified vulnerability in Oracle JD Edwards HTML Server 8.95.F1 SP23_L1 has unspecified impact and attack vectors, as identified by Oracle Vuln# JDE01. | |||
| CVE-2006-0275 | 0.00 | — | 0.05 | Jan 18, 2006 | Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9.0.4.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# REP04. NOTE: Oracle has not disputed reliable researcher claims that this issue is related to… | |||
| CVE-2006-0284 | 0.00 | — | 0.05 | Jan 18, 2006 | Multiple unspecified vulnerabilities in Oracle Application Server 9.0.4.2 and 10.1.2.0.2, and E-Business Suite and Applications 11.5.10, have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) FORM01 and (2) FORM02 in the Oracle Forms component. | |||
| CVE-2006-0263 | 0.00 | — | 0.06 | Jan 18, 2006 | Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, 10.1.0.5, and 10.2.0.1 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB09 in the (a) Net Listener component; and (2) DB12 and (3) DB13 in the… | |||
| CVE-2006-0265 | 0.00 | — | 0.05 | Jan 18, 2006 | Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.1 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB17 in the Oracle Text component and (2) DB18 in the Program Interface Network… | |||
| CVE-2006-0271 | 0.00 | — | 0.03 | Jan 18, 2006 | Unspecified vulnerability in the Upgrade & Downgrade component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB28. NOTE: details are unavailable from Oracle, but they have not publicly… | |||
| CVE-2006-0269 | 0.00 | — | 0.02 | Jan 18, 2006 | Unspecified vulnerability in the Streams Capture component of Oracle Database server 10.1.0.5 and 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB25. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a… | |||
| CVE-2006-0267 | 0.00 | — | 0.03 | Jan 18, 2006 | Unspecified vulnerability in the Query Optimizer component of Oracle Database server 9.2.0.6 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB20. | |||
| CVE-2006-0272 | 0.00 | — | 0.06 | Jan 18, 2006 | Unspecified vulnerability in the XML Database component of Oracle Database server 9.2.0.7 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB29. NOTE: based on mutual credits by the relevant sources, it is highly likely that this issue is a… | |||
| CVE-2006-0261 | 0.00 | — | 0.05 | Jan 18, 2006 | Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB07 in the Dictionary component and (2) DB14 in the Oracle Label Security component. NOTE:… | |||
| CVE-2006-0280 | 0.00 | — | 0.04 | Jan 18, 2006 | Unspecified vulnerability in Oracle PeopleSoft Enterprise Portal 8.4 Bundle 15, 8.8 Bundle 10, and 8.9 Bundle 2 has unspecified impact and attack vectors, as identified by Oracle Vuln# PSE01. | |||
| CVE-2006-0274 | 0.00 | — | 0.05 | Jan 18, 2006 | Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9.0.4.2 and 10.1.2.0.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# REP03. | |||
| CVE-2005-4763 | 0.00 | — | 0.02 | Dec 31, 2005 | BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier, when Internet Inter-ORB Protocol (IIOP) is used, sometimes include a password in an exception message that is sent to a client or stored in a log file, which might allow… | |||
| CVE-2005-4762 | 0.00 | — | 0.00 | Dec 31, 2005 | BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier sometimes stores the boot password in the registry in cleartext, which might allow local users to gain administrative privileges. | |||
| CVE-2005-4767 | 0.00 | — | 0.01 | Dec 31, 2005 | BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 SP6 and earlier, when using username/password authentication, does not lock out a username after the maximum number of invalid login attempts, which makes it easier for remote attackers to guess the password. | |||
| CVE-2005-4764 | 0.00 | — | 0.02 | Dec 31, 2005 | BEA WebLogic Server and WebLogic Express 9.0, 8.1, and 7.0 lock out the admin user account after multiple incorrect password guesses, which allows remote attackers who know or guess the admin account name to cause a denial of service (blocked admin logins). | |||
| CVE-2005-4549 | 0.00 | — | 0.03 | Dec 28, 2005 | Cross-site scripting (XSS) vulnerability in Oracle Application Server (OracleAS) Discussion Forum Portlet allows remote attackers to inject arbitrary web script or HTML via the (1) RowKeyValue parameter in the PORTAL schema; and the (2) title and (3) content input fields when… | |||
| CVE-2005-3192 | 0.00 | — | 0.06 | Dec 8, 2005 | Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, and (4) pdftohtml, (5) KOffice KWord, (6) CUPS, and (7) libextractor allows remote attackers to execute arbitrary code via a PDF file with… | |||
| CVE-2005-3904 | 0.00 | — | 0.05 | Nov 30, 2005 | Unspecified vulnerability in Java Management Extensions (JMX) in Java JDK and JRE 5.0 Update 3, 1.4.2 and later, 1.3.1 and later allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary application via unknown attack vectors. | |||
| CVE-2005-3641 | 0.00 | — | 0.05 | Nov 16, 2005 | Oracle Databases running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication by supplying a valid username. | |||
| CVE-2005-3451 | 0.00 | — | 0.06 | Nov 2, 2005 | Unspecified vulnerability in SQL*ReportWriter in Oracle Application Server 9.0 up to 9.0.2.1 has unknown impact and attack vectors, as identified by Oracle Vuln# AS10. | |||
| CVE-2005-3452 | 0.00 | — | 0.05 | Nov 2, 2005 | Unspecified vulnerability in Web Cache in Oracle Application Server 1.0 up to 9.0.4.2 has unknown impact and attack vectors, as identified by Oracle Vuln# AS13. | |||
| CVE-2005-3459 | 0.00 | — | 0.04 | Nov 2, 2005 | Unspecified vulnerability in Oracle E-Business Suite and Applications 4.5 up to 4.5.1 has unknown impact and attack vectors, as identified by Oracle Vuln# APPS22 in Oracle Clinical. | |||
| CVE-2005-3447 | 0.00 | — | 0.03 | Nov 2, 2005 | Unspecified vulnerability in Single Sign-On in Oracle Database Server 10g up to 10.1.0.4.2 and Application Server 9.0.2.3 up to 9.0.4.2 has unknown impact and attack vectors, aka Oracle Vuln# DB33 and AS08. | |||
| CVE-2005-3457 | 0.00 | — | 0.04 | Nov 2, 2005 | Unspecified vulnerability in Oracle E-Business Suite and Applications 11.0 up to 11.5.10 has unknown impact and attack vectors, as identified by Oracle Vuln# APPS08 in HRMS. | |||
| CVE-2005-3456 | 0.00 | — | 0.02 | Nov 2, 2005 | Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5 up to 11.5.9 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) APPS04 in Application Object Library, and (2) APPS17, (3) APPS18, and (4) APPS21 in Workflow Cartridge. | |||
| CVE-2005-3462 | 0.00 | — | 0.04 | Nov 2, 2005 | Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.44 up to 8.46.02 has unknown impact and attack vectors, as identified by Oracle Vuln# PSE02. | |||
| CVE-2005-3465 | 0.00 | — | 0.04 | Nov 2, 2005 | Unspecified vulnerability in JDEdwards HTML Server in Oracle EnterpriseOne 8.94 OneWorld XE up to 8.95_B1, 8.94_Q1, and SP23_K1 has unknown impact and attack vectors, as identified by Oracle Vuln# JDE01. | |||
| CVE-2005-3464 | 0.00 | — | 0.04 | Nov 2, 2005 | Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.44 up to 8.46 has unknown impact and attack vectors, as identified by Oracle Vuln# PSE04. | |||
| CVE-2005-3463 | 0.00 | — | 0.05 | Nov 2, 2005 | Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.44 up to 8.46.03 has unknown impact and attack vectors, as identified by Oracle Vuln# PSE03. | |||
| CVE-2005-3450 | 0.00 | — | 0.05 | Nov 2, 2005 | Unspecified vulnerability in the HTTP Server in Oracle Application Server 1.0 up to 9.0.2.3 has unknown impact and attack vectors, as identified by Oracle Vuln# AS04. | |||
| CVE-2005-3454 | 0.00 | — | 0.04 | Nov 2, 2005 | Multiple unspecified vulnerabilities in Oracle Collaboration Suite 10g Release 1 version 10.1.1 and 9i Release 2 9.0.4.2 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) OCS01, (2) OCS02, (3) OCS03, and (4) OCS04 for Calendar; (5) OCS05, (6) OCS06, (7)… | |||
| CVE-2005-3445 | 0.00 | — | 0.06 | Nov 2, 2005 | Multiple unspecified vulnerabilities in HTTP Server in Oracle Database Server 8i up to 10.1.0.4.2 and Application Server 1.0.2.2 up to 10.1.2.0 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB30 and AS03 or (2) DB31 and AS05. | |||
| CVE-2005-3446 | 0.00 | — | 0.05 | Nov 2, 2005 | Unspecified vulnerability in Internet Directory in Oracle Database Server 9i up to 9.2.0.6 and Application Server 9.0.2.3 up to 10.1.2.0 has unknown impact and attack vectors, aka Oracle Vuln# DB32 and AS06. | |||
| CVE-2005-3458 | 0.00 | — | 0.02 | Nov 2, 2005 | Unspecified vulnerability in Oracle E-Business Suite and Applications 11.0 up to 11.5.9 has unknown impact and attack vectors, as identified by Oracle Vuln# APPS19 in Workflow Cartridge. | |||
| CVE-2005-3466 | 0.00 | — | 0.04 | Nov 2, 2005 | Unspecified vulnerability in Enterprise CRM Sales in Oracle 8.81 up to 8.9 has unknown impact and attack vectors, as identified by Oracle Vuln# CRM01. | |||
| CVE-2005-3453 | 0.00 | — | 0.05 | Nov 2, 2005 | Multiple unspecified vulnerabilities in Web Cache in Oracle Application Server 1.0 up to 10.1.2.0 has unknown impact and attack vectors, as identified by Oracle Vuln# (1) AS12 and (2) AS14. | |||
| CVE-2005-3448 | 0.00 | — | 0.05 | Nov 2, 2005 | Unspecified vulnerability in the OC4J Module in Oracle Application Server 9.0 up to 10.1.2.0.2 has unknown impact and attack vectors, as identified by Oracle Vuln# AS01. | |||
| CVE-2005-3461 | 0.00 | — | 0.03 | Nov 2, 2005 | Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.42 up to 8.45.17 has unknown impact and attack vectors, as identified by Oracle Vuln# PSE01. | |||
| CVE-2005-3460 | 0.00 | — | 0.04 | Nov 2, 2005 | Unspecified vulnerability in Oracle Agent in Oracle Enterprise Manager 9.0.4.1 up to 10.1.0.4 has unknown impact and attack vectors, as identified by Oracle Vuln# EM01. | |||
| CVE-2005-3449 | 0.00 | — | 0.06 | Nov 2, 2005 | Multiple unspecified vulnerabilities in Oracle Application Server 9.0 up to 10.1.2.0 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) AS02 in Containers for J2EE, (2) AS07 in Internet Directory, (3) AS09 in Report Server, and (4) AS11 in Web Cache. |
- CVE-2006-0279Jan 18, 2006risk 0.00cvss —epss 0.04
Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 4.3 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) APPS13 and (2) APPS14 in the Oracle iLearning component.
- CVE-2006-0291Jan 18, 2006risk 0.00cvss —epss 0.05
Multiple unspecified vulnerabilities in Oracle Database Server 10.2.0.1, Application Server 9.0.4.2 and 10.1.2.1, Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i), and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by…
- CVE-2006-0276Jan 18, 2006risk 0.00cvss —epss 0.05
Multiple unspecified vulnerabilities in Oracle Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i) have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) OCS01, 2) OCS02, 3) OCS03, 4) OCS04, 5) OCS05, 6) OCS06, 7) OCS07, (8) OCS08, and (9) OCS09 in…
- CVE-2006-0285Jan 18, 2006risk 0.00cvss —epss 0.05
Unspecified vulnerability in the Java Net component of Oracle Database Server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, and 10.1.0.4, and Application Server 1.0.2.2, 9.0.4.2, and 10.1.2.0.2, has unspecified impact and attack vectors, as identified by Oracle Vuln# JN01.
- CVE-2006-0273Jan 18, 2006risk 0.00cvss —epss 0.05
Unspecified vulnerability in the Portal component of Oracle Application Server 9.0.4.2 and 10.1.2.0 has unspecified impact and attack vectors, as identified by Oracle Vuln# AS01.
- CVE-2006-0260Jan 18, 2006risk 0.00cvss —epss 0.05
Multiple unspecified vulnerabilities in Oracle Database server 9.2.0.7 and 10.1.0.5 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB05 in the (a) Data Pump component; (2) DB15 in the (b) Oracle Text component; (3) DB22 in the (c) Streams Apply…
- CVE-2006-0277Jan 18, 2006risk 0.00cvss —epss 0.04
Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) APPS01 in the (a) Application Install component; (2) APPS07 in the (b) Oracle Applications Framework component;…
- CVE-2006-0266Jan 18, 2006risk 0.00cvss —epss 0.03
Unspecified vulnerability in the Query Optimizer component of Oracle Database server 9.0.1.5, 9.2.0.7, and 10.1.0.5 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB19.
- CVE-2006-0258Jan 18, 2006risk 0.00cvss —epss 0.05
Unspecified vulnerability in the Connection Manager component of Oracle Database server 8.1.7.4 and 9.0.1.5 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB03.
- CVE-2006-0281Jan 18, 2006risk 0.00cvss —epss 0.04
Unspecified vulnerability in Oracle JD Edwards HTML Server 8.95.F1 SP23_L1 has unspecified impact and attack vectors, as identified by Oracle Vuln# JDE01.
- CVE-2006-0275Jan 18, 2006risk 0.00cvss —epss 0.05
Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9.0.4.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# REP04. NOTE: Oracle has not disputed reliable researcher claims that this issue is related to…
- CVE-2006-0284Jan 18, 2006risk 0.00cvss —epss 0.05
Multiple unspecified vulnerabilities in Oracle Application Server 9.0.4.2 and 10.1.2.0.2, and E-Business Suite and Applications 11.5.10, have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) FORM01 and (2) FORM02 in the Oracle Forms component.
- CVE-2006-0263Jan 18, 2006risk 0.00cvss —epss 0.06
Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, 10.1.0.5, and 10.2.0.1 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB09 in the (a) Net Listener component; and (2) DB12 and (3) DB13 in the…
- CVE-2006-0265Jan 18, 2006risk 0.00cvss —epss 0.05
Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.1 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB17 in the Oracle Text component and (2) DB18 in the Program Interface Network…
- CVE-2006-0271Jan 18, 2006risk 0.00cvss —epss 0.03
Unspecified vulnerability in the Upgrade & Downgrade component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB28. NOTE: details are unavailable from Oracle, but they have not publicly…
- CVE-2006-0269Jan 18, 2006risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Streams Capture component of Oracle Database server 10.1.0.5 and 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB25. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a…
- CVE-2006-0267Jan 18, 2006risk 0.00cvss —epss 0.03
Unspecified vulnerability in the Query Optimizer component of Oracle Database server 9.2.0.6 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB20.
- CVE-2006-0272Jan 18, 2006risk 0.00cvss —epss 0.06
Unspecified vulnerability in the XML Database component of Oracle Database server 9.2.0.7 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB29. NOTE: based on mutual credits by the relevant sources, it is highly likely that this issue is a…
- CVE-2006-0261Jan 18, 2006risk 0.00cvss —epss 0.05
Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB07 in the Dictionary component and (2) DB14 in the Oracle Label Security component. NOTE:…
- CVE-2006-0280Jan 18, 2006risk 0.00cvss —epss 0.04
Unspecified vulnerability in Oracle PeopleSoft Enterprise Portal 8.4 Bundle 15, 8.8 Bundle 10, and 8.9 Bundle 2 has unspecified impact and attack vectors, as identified by Oracle Vuln# PSE01.
- CVE-2006-0274Jan 18, 2006risk 0.00cvss —epss 0.05
Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9.0.4.2 and 10.1.2.0.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# REP03.
- CVE-2005-4763Dec 31, 2005risk 0.00cvss —epss 0.02
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier, when Internet Inter-ORB Protocol (IIOP) is used, sometimes include a password in an exception message that is sent to a client or stored in a log file, which might allow…
- CVE-2005-4762Dec 31, 2005risk 0.00cvss —epss 0.00
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier sometimes stores the boot password in the registry in cleartext, which might allow local users to gain administrative privileges.
- CVE-2005-4767Dec 31, 2005risk 0.00cvss —epss 0.01
BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 SP6 and earlier, when using username/password authentication, does not lock out a username after the maximum number of invalid login attempts, which makes it easier for remote attackers to guess the password.
- CVE-2005-4764Dec 31, 2005risk 0.00cvss —epss 0.02
BEA WebLogic Server and WebLogic Express 9.0, 8.1, and 7.0 lock out the admin user account after multiple incorrect password guesses, which allows remote attackers who know or guess the admin account name to cause a denial of service (blocked admin logins).
- CVE-2005-4549Dec 28, 2005risk 0.00cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in Oracle Application Server (OracleAS) Discussion Forum Portlet allows remote attackers to inject arbitrary web script or HTML via the (1) RowKeyValue parameter in the PORTAL schema; and the (2) title and (3) content input fields when…
- CVE-2005-3192Dec 8, 2005risk 0.00cvss —epss 0.06
Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, and (4) pdftohtml, (5) KOffice KWord, (6) CUPS, and (7) libextractor allows remote attackers to execute arbitrary code via a PDF file with…
- CVE-2005-3904Nov 30, 2005risk 0.00cvss —epss 0.05
Unspecified vulnerability in Java Management Extensions (JMX) in Java JDK and JRE 5.0 Update 3, 1.4.2 and later, 1.3.1 and later allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary application via unknown attack vectors.
- CVE-2005-3641Nov 16, 2005risk 0.00cvss —epss 0.05
Oracle Databases running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication by supplying a valid username.
- CVE-2005-3451Nov 2, 2005risk 0.00cvss —epss 0.06
Unspecified vulnerability in SQL*ReportWriter in Oracle Application Server 9.0 up to 9.0.2.1 has unknown impact and attack vectors, as identified by Oracle Vuln# AS10.
- CVE-2005-3452Nov 2, 2005risk 0.00cvss —epss 0.05
Unspecified vulnerability in Web Cache in Oracle Application Server 1.0 up to 9.0.4.2 has unknown impact and attack vectors, as identified by Oracle Vuln# AS13.
- CVE-2005-3459Nov 2, 2005risk 0.00cvss —epss 0.04
Unspecified vulnerability in Oracle E-Business Suite and Applications 4.5 up to 4.5.1 has unknown impact and attack vectors, as identified by Oracle Vuln# APPS22 in Oracle Clinical.
- CVE-2005-3447Nov 2, 2005risk 0.00cvss —epss 0.03
Unspecified vulnerability in Single Sign-On in Oracle Database Server 10g up to 10.1.0.4.2 and Application Server 9.0.2.3 up to 9.0.4.2 has unknown impact and attack vectors, aka Oracle Vuln# DB33 and AS08.
- CVE-2005-3457Nov 2, 2005risk 0.00cvss —epss 0.04
Unspecified vulnerability in Oracle E-Business Suite and Applications 11.0 up to 11.5.10 has unknown impact and attack vectors, as identified by Oracle Vuln# APPS08 in HRMS.
- CVE-2005-3456Nov 2, 2005risk 0.00cvss —epss 0.02
Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5 up to 11.5.9 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) APPS04 in Application Object Library, and (2) APPS17, (3) APPS18, and (4) APPS21 in Workflow Cartridge.
- CVE-2005-3462Nov 2, 2005risk 0.00cvss —epss 0.04
Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.44 up to 8.46.02 has unknown impact and attack vectors, as identified by Oracle Vuln# PSE02.
- CVE-2005-3465Nov 2, 2005risk 0.00cvss —epss 0.04
Unspecified vulnerability in JDEdwards HTML Server in Oracle EnterpriseOne 8.94 OneWorld XE up to 8.95_B1, 8.94_Q1, and SP23_K1 has unknown impact and attack vectors, as identified by Oracle Vuln# JDE01.
- CVE-2005-3464Nov 2, 2005risk 0.00cvss —epss 0.04
Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.44 up to 8.46 has unknown impact and attack vectors, as identified by Oracle Vuln# PSE04.
- CVE-2005-3463Nov 2, 2005risk 0.00cvss —epss 0.05
Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.44 up to 8.46.03 has unknown impact and attack vectors, as identified by Oracle Vuln# PSE03.
- CVE-2005-3450Nov 2, 2005risk 0.00cvss —epss 0.05
Unspecified vulnerability in the HTTP Server in Oracle Application Server 1.0 up to 9.0.2.3 has unknown impact and attack vectors, as identified by Oracle Vuln# AS04.
- CVE-2005-3454Nov 2, 2005risk 0.00cvss —epss 0.04
Multiple unspecified vulnerabilities in Oracle Collaboration Suite 10g Release 1 version 10.1.1 and 9i Release 2 9.0.4.2 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) OCS01, (2) OCS02, (3) OCS03, and (4) OCS04 for Calendar; (5) OCS05, (6) OCS06, (7)…
- CVE-2005-3445Nov 2, 2005risk 0.00cvss —epss 0.06
Multiple unspecified vulnerabilities in HTTP Server in Oracle Database Server 8i up to 10.1.0.4.2 and Application Server 1.0.2.2 up to 10.1.2.0 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB30 and AS03 or (2) DB31 and AS05.
- CVE-2005-3446Nov 2, 2005risk 0.00cvss —epss 0.05
Unspecified vulnerability in Internet Directory in Oracle Database Server 9i up to 9.2.0.6 and Application Server 9.0.2.3 up to 10.1.2.0 has unknown impact and attack vectors, aka Oracle Vuln# DB32 and AS06.
- CVE-2005-3458Nov 2, 2005risk 0.00cvss —epss 0.02
Unspecified vulnerability in Oracle E-Business Suite and Applications 11.0 up to 11.5.9 has unknown impact and attack vectors, as identified by Oracle Vuln# APPS19 in Workflow Cartridge.
- CVE-2005-3466Nov 2, 2005risk 0.00cvss —epss 0.04
Unspecified vulnerability in Enterprise CRM Sales in Oracle 8.81 up to 8.9 has unknown impact and attack vectors, as identified by Oracle Vuln# CRM01.
- CVE-2005-3453Nov 2, 2005risk 0.00cvss —epss 0.05
Multiple unspecified vulnerabilities in Web Cache in Oracle Application Server 1.0 up to 10.1.2.0 has unknown impact and attack vectors, as identified by Oracle Vuln# (1) AS12 and (2) AS14.
- CVE-2005-3448Nov 2, 2005risk 0.00cvss —epss 0.05
Unspecified vulnerability in the OC4J Module in Oracle Application Server 9.0 up to 10.1.2.0.2 has unknown impact and attack vectors, as identified by Oracle Vuln# AS01.
- CVE-2005-3461Nov 2, 2005risk 0.00cvss —epss 0.03
Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.42 up to 8.45.17 has unknown impact and attack vectors, as identified by Oracle Vuln# PSE01.
- CVE-2005-3460Nov 2, 2005risk 0.00cvss —epss 0.04
Unspecified vulnerability in Oracle Agent in Oracle Enterprise Manager 9.0.4.1 up to 10.1.0.4 has unknown impact and attack vectors, as identified by Oracle Vuln# EM01.
- CVE-2005-3449Nov 2, 2005risk 0.00cvss —epss 0.06
Multiple unspecified vulnerabilities in Oracle Application Server 9.0 up to 10.1.2.0 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) AS02 in Containers for J2EE, (2) AS07 in Internet Directory, (3) AS09 in Report Server, and (4) AS11 in Web Cache.
Page 199 of 202