cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2008-2609,https://securityvulnerability.io/vulnerability/CVE-2008-2609,,"Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3, 10.1.2.3, and 10.1.4.2 has unknown impact and remote attack vectors.",Oracle,"Oracle Application Server,Application Server,Oracle Portal Component",,,0.005059999879449606,false,false,false,false,,false,false,2008-07-15T23:41:00.000Z,0
CVE-2008-2589,https://securityvulnerability.io/vulnerability/CVE-2008-2589,,"Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3, 10.1.2.2, and 10.1.4.1 has unknown impact and remote attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a SQL injection vulnerability in the WWV_RENDER_REPORT package that allows remote attackers to execute arbitrary SQL (PL/SQL) commands via the second argument to the SHOW procedure.",Oracle,"Application Server,Oracle Portal Component",,,0.006519999820739031,false,false,false,false,,false,false,2008-07-15T23:41:00.000Z,0
CVE-2008-2583,https://securityvulnerability.io/vulnerability/CVE-2008-2583,,"Unspecified vulnerability in the sample Discussion Forum Portlet for the Oracle Portal component in Oracle Application Server, as available from OTN before 20080715, has unknown impact and remote attack vectors.",Oracle,"Application Server,Oracle Portal Component",,,0.004800000227987766,false,false,false,false,,false,false,2008-07-15T23:41:00.000Z,0
CVE-2008-2138,https://securityvulnerability.io/vulnerability/CVE-2008-2138,,"Oracle Application Server (OracleAS) Portal 10g allows remote attackers to bypass intended access restrictions and read the contents of /dav_portal/portal/ by sending a request containing a trailing ""%0A"" (encoded line feed), then using the session ID that is generated from that request.  NOTE: as of 20080512, Oracle has not commented on the accuracy of this report.",Oracle,Application Server Portal,,,0.8601899743080139,false,false,false,false,,false,false,2008-05-12T16:00:00.000Z,0
CVE-2007-1506,https://securityvulnerability.io/vulnerability/CVE-2007-1506,,Cross-site scripting (XSS) vulnerability in PORTAL.wwv_main.render_warning_screen in the Oracle Portal 10g allows remote attackers to inject arbitrary web script or HTML via the (1) p_oldurl and (2) p_newurl parameters.,Oracle,Application Server Portal,,,0.011640000157058239,false,false,false,false,,false,false,2007-03-19T22:00:00.000Z,0
CVE-2006-6699,https://securityvulnerability.io/vulnerability/CVE-2006-6699,,Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and possibly other versions allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter to (1) calendarDialog.jsp or (2) fred.jsp.  NOTE: the calendar.jsp vector is covered by CVE-2006-6697.,Oracle,Application Server Portal,,,0.0016899999463930726,false,false,false,false,,false,false,2006-12-23T01:00:00.000Z,0
CVE-2006-6697,https://securityvulnerability.io/vulnerability/CVE-2006-6697,,"CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter.",Oracle,Application Server Portal,,,0.023399999365210533,false,false,false,false,,false,false,2006-12-22T02:00:00.000Z,0
CVE-2006-0552,https://securityvulnerability.io/vulnerability/CVE-2006-0552,,"Unspecified vulnerability in the Net Listener component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, and 9.2.0.7 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB11.",Oracle,"Oracle10g,Application Server,Enterpriseone,Oracle8i,Developer Suite,Collaboration Suite,Database Server,10g Enterprise Manager Grid Control,Peoplesoft Enterprise Portal,E-business Suite,Oracle9i,Workflow",,,0.1231599971652031,false,false,false,false,,false,false,2006-02-04T11:00:00.000Z,0
CVE-2004-1707,https://securityvulnerability.io/vulnerability/CVE-2004-1707,,"The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0.",Oracle,"Oracle8i,Oracle9i,Application Server,Database Server Lite,Application Server Portal",,,0.06449999660253525,false,false,false,false,,false,false,2004-07-30T04:00:00.000Z,0
CVE-2003-1193,https://securityvulnerability.io/vulnerability/CVE-2003-1193,,"Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL.",Oracle,"Oracle9i,Application Server Portal",,,0.002360000042244792,false,false,false,false,,false,false,2003-11-03T05:00:00.000Z,0