Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-1178

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-1178
Last Modified 05 Sep 2008 04:48:26
Published 02 May 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-1178

Summary

SQL injection vulnerability in Oracle Forms 10g allows remote attackers to execute arbitrary SQL commands via the Query/Where feature.

Vulnerable Systems

Application

  • Oracle Forms 10g

  • Oracle Forms 3.0

  • Oracle Forms 4.5

  • Oracle Forms 5.0

  • Oracle Forms 6.0

  • Oracle Forms 6i

  • Oracle Forms 9i


References

XF - oracle-forms-query-where-popup-sql-injection(20080)

MISC - http://www.securiteam.com/securitynews/5HP0I0UFFI.html

MISC - http://www.red-database-security.com/wp/sql_injection_forms_us.pdf


Last Updated: 27 May 2016 10:40:04