Directory traversal vulnerability in Oracle Reports 6.0, 6i, 9i, and 10g allows remote malicious users to overwrite arbitrary files via (1) "..", (2) Windows drive letter (C:), and (3) absolute path sequences in the desname parameter. NOTE: this issue was probably fixed by REP06 in CPU Jan 2006, in which case it overlaps CVE-2006-0289.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
oracle reports 10g |
||
oracle reports 6.0 |
||
oracle reports 6i |
||
oracle reports 9i |