Directory traversal vulnerability in Oracle Reports 6.0, 6i, 9i, and 10g allows remote attackers to overwrite arbitrary files via (1) "..", (2) Windows drive letter (C:), and (3) absolute path sequences in the desname parameter. NOTE: this issue was probably fixed by REP06 in CPU Jan 2006, in which case it overlaps CVE-2006-0289.
Software | From | Fixed in |
---|---|---|
oracle / reports | 10g | 10g.x |
oracle / reports | 6.0 | 6.0.x |
oracle / reports | 6i | 6i.x |
oracle / reports | 9i | 9i.x |