Vulnerabilities for Reports (...) - CXSECURITY.COM

Vulnerabilities for 'Reports'

2005-09-19

CVE-2005-2983

SQL injection vulnerability in Oracle Reports that use Lexical References allows remote attackers to execute arbitrary SQL commands via the values in the parameter form that appears when the paramform parameter is set to yes.

2005-07-26

CVE-2005-2379

Multiple cross-site scripting (XSS) vulnerabilities in Oracle Reports 9.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) debug parameter to showenv, (2) test parameter to parsequery, or (3) delimiter or (4) CELLWRAPPER parameter to rwservlet.

CVE-2005-2378

CWE-22

Directory traversal vulnerability in Oracle Reports allows remote attackers to read arbitrary files via an absolute or relative path to the (1) CUSTOMIZE or (2) desformat parameters to rwservlet. NOTE: vector 2 is probably the same as CVE-2006-0289, and fixed in Jan 2006 CPU.

CVE-2005-2371

CWE-22

Directory traversal vulnerability in Oracle Reports 6.0, 6i, 9i, and 10g allows remote attackers to overwrite arbitrary files via (1) "..", (2) Windows drive letter (C:), and (3) absolute path sequences in the desname parameter. NOTE: this issue was probably fixed by REP06 in CPU Jan 2006, in which case it overlaps CVE-2006-0289.

2002-10-04

CVE-2002-1089

rwcgi60 CGI program in Oracle Reports Server, by design, provides sensitive information such as the full pathname, which could enable remote attackers to use the information in additional attacks.

CVE-2002-0947

Buffer overflow in rwcgi60 CGI program for Oracle Reports Server 6.0.8.18.0 and earlier, as used in Oracle9iAS and other products, allows remote attackers to execute arbitrary code via a long database name parameter.

>>> Vendor: Oracle 744 Products

Database server

Database assistant

Application server

Internet directory

E-business suite

Application server web cache

Corporate time outlook connector

Application server portal

Collaboration suite

Enterprise manager

Enterprise manager database control

Enterprise manager grid control

Database server lite

10g reports server

10g enterprise manager database control

Enterprise manager application server control

Peoplesoft enterprise

Peoplesoft enterprise customer relationship management

Application server discussion forum portlet

Peoplesoft enterprise portal

10g enterprise manager grid control

Developer suite

Collaboration suite 10g release 1

Peoplesoft enterprise tools

Rapid install web server

Peoplesoft enterprise human capital management

Peoplesoft enterprise peopletools

Secure enterprise search

Enterprise grid console server

Application server 9i

Application express

Application server 10g

E-business suite 11i

E-business suite 12

Peoplesoft hcm eperformance

Siebel enterprise

Bea product suite

Weblogic server

Webloic server component

Weblogic server component

Oracle portal component

Report manager component

Application object library

Advanced replication

Enterprise manager 10g

Instance management component

Advanced replication component

Oracle database

Oracle application server

Mobile application server

Times ten client server component

Times ten in memory database

Times ten client server

Spatial component

Data pump component

Authentication component

Advanced queuing component

Oracle applications technology stack component

Core rdbms component

Hyperion bi plus component

Database scheduler

Oracle http server component

Jd edwards enterpriseone

Peoplesoft peopletools component

Peoplesoft peopletools

Glassfish server

Jd edwards enterpriseone ep

Weblogic workshop

Timesten in-memory database

Enterprise manager grid control 10g

See all Products for Vendor Oracle

Copyright 2024, cxsecurity.com