Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2005-2371

Directory traversal vulnerability in Oracle Reports 6.0, 6i, 9i, and 10g allows remote attackers to overwrite arbitrary files via (1) "..", (2) Windows drive letter (C:), and (3) absolute path sequences in the desname parameter. NOTE: this issue was probably fixed by REP06 in CPU Jan 2006, in which case it overlaps CVE-2006-0289.

  • Published: Jul 26, 2005
  • Updated: Apr 13, 2023
  • CVE: CVE-2005-2371
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 5
  • AV:N/AC:L/Au:N/C:N/I:P/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
oracle / reports 6.0 6.0.x
oracle / reports 9i 9i.x
oracle / reports 10g 10g.x
oracle / reports 6i 6i.x