U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Oracle Forms
  • Search Type: Search All
  • CPE Name Search: false
  • CPE Vendor: cpe:/:oracle
There are 23 matching records.
Displaying matches 21 through 23.
Vuln ID Summary CVSS Severity
CVE-2005-2294

Oracle Forms 4.5, 6.0, 6i, and 9i on Unix, when a large number of records are retrieved by an Oracle form, stores a copy of the database tables in a world-readable temporary file, which allows local users to gain sensitive information such as credit card numbers.

Published: July 18, 2005; 12:00:00 AM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 2.1 LOW
CVE-2005-1178

SQL injection vulnerability in Oracle Forms 10g allows remote attackers to execute arbitrary SQL commands via the Query/Where feature.

Published: May 02, 2005; 12:00:00 AM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 7.5 HIGH
CVE-2003-1193

Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL.

Published: November 03, 2003; 12:00:00 AM -0500 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 7.5 HIGH