Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
oracle reports vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2005-2371
Directory traversal vulnerability in Oracle Reports 6.0, 6i, 9i, and 10g allows remote malicious users to overwrite arbitrary files via (1) "..", (2) Windows drive letter (C:), and (3) absolute path sequences in the desname parameter. NOTE: this issue was probably fixed...
Oracle Reports 10g
Oracle Reports 6.0
Oracle Reports 6i
Oracle Reports 9i
5.8
CVSSv2
CVE-2020-2534
Vulnerability in the Oracle Reports Developer product of Oracle Fusion Middleware (component: Security and Authentication). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via...
Oracle Reports Developer 12.2.1.4.0
Oracle Reports Developer 12.2.1.3.0
5.8
CVSSv2
CVE-2020-2533
Vulnerability in the Oracle Reports Developer product of Oracle Fusion Middleware (component: Security and Authentication). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via...
Oracle Reports Developer 12.2.1.4.0
Oracle Reports Developer 12.2.1.3.0
5
CVSSv2
CVE-2002-1089
rwcgi60 CGI program in Oracle Reports Server, by design, provides sensitive information such as the full pathname, which could enable remote malicious users to use the information in additional attacks.
Oracle Application Server 9.0.2
Oracle Reports 6.0.8
Oracle Reports 6.0.8.19
1 EDB exploit
5
CVSSv2
CVE-2005-2378
Directory traversal vulnerability in Oracle Reports allows remote malicious users to read arbitrary files via an absolute or relative path to the (1) CUSTOMIZE or (2) desformat parameters to rwservlet. NOTE: vector 2 is probably the same as CVE-2006-0289, and fixed in Jan 2006 CP...
Oracle Reports
7.5
CVSSv2
CVE-2005-2983
SQL injection vulnerability in Oracle Reports that use Lexical References allows remote malicious users to execute arbitrary SQL commands via the values in the parameter form that appears when the paramform parameter is set to yes.
Oracle Reports 1.00
4.3
CVSSv2
CVE-2005-2379
Multiple cross-site scripting (XSS) vulnerabilities in Oracle Reports 9.0.2 allow remote malicious users to inject arbitrary web script or HTML via the (1) debug parameter to showenv, (2) test parameter to parsequery, or (3) delimiter or (4) CELLWRAPPER parameter to rwservlet.
Oracle Reports 9.0.2
5.8
CVSSv2
CVE-2019-2413
Vulnerability in the Oracle Reports Developer component of Oracle Fusion Middleware (subcomponent: Valid Session). The supported version that is affected is 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracl...
Oracle Reports Developer 12.2.1.3
1 EDB exploit
7.5
CVSSv2
CVE-2002-0947
Buffer overflow in rwcgi60 CGI program for Oracle Reports Server 6.0.8.18.0 and previous versions, as used in Oracle9iAS and other products, allows remote malicious users to execute arbitrary code via a long database name parameter.
Oracle Reports 6.0.8
Oracle Application Server 9.0.2
4.3
CVSSv2
CVE-2005-0873
Multiple cross-site scripting (XSS) vulnerabilities in test.jsp in Oracle Reports Server 10g (9.0.4.3.3) allow remote malicious users to inject arbitrary web script or HTML via the (1) desname or (2) repprod parameter.
Oracle 10g Reports Server 9.0.4.3.3
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »