CVE-2005-2371
published 2005-07-26
Priority P431 · medium · 5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS: 22.29% (97.4th percentile)
Directory traversal vulnerability in Oracle Reports 6.0, 6i, 9i, and 10g allows remote attackers to overwrite arbitrary files via (1) "..", (2) Windows drive letter (C:), and (3) absolute path sequences in the desname parameter. NOTE: this issue was probably fixed by REP06 in CPU Jan 2006, in which case it overlaps CVE-2006-0289.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oracle | application_server | — | — |
| oracle | e-business_suite | — | — |
| oracle | reports | — | — |
| oracle | reports | — | — |
| oracle | reports | — | — |
| oracle | reports | — | — |
GHSA
GHSA-762j-f7hq-mp7h: Directory traversal vulnerability in Oracle Reports 6
ghsa_unreviewed·2022-05-01·CVSS 10.0
CVE-2005-2371 [CRITICAL] CWE-22 GHSA-762j-f7hq-mp7h: Directory traversal vulnerability in Oracle Reports 6
GHSA
GHSA-rvr3-9qq5-xq2q: Multiple unspecified vulnerabilities in Oracle Application Server 6
ghsa_unreviewed·2022-05-01·CVSS 5.0
CVE-2006-0289 [MEDIUM] GHSA-rvr3-9qq5-xq2q: Multiple unspecified vulnerabilities in Oracle Application Server 6
Multiple unspecified vulnerabilities in Oracle Application Server 6.0.8.26(PS17) and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) REP05 and (2) REP06 in the Oracle Reports Developer component. NOTE: Oracle has not disputed reliable researcher claims that REP05 is the same as CVE-2005-2378 and REP06 is the same as CVE-2005-2371, both of which involve directory traversal.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=112180096507467&w=2
http://secunia.com/advisories/18493
http://secunia.com/advisories/18608
http://securitytracker.com/id?1014524
http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html
http://www.red-database-security.com/advisory/oracle_reports_overwrite_any_file.html
http://www.securityfocus.com/archive/1/422257/30/7430/threaded
http://www.securityfocus.com/bid/14309
http://www.vupen.com/english/advisories/2006/0323
https://exchange.xforce.ibmcloud.com/vulnerabilities/24321
Published: 2005-07-26