Description

Directory traversal vulnerability in Oracle Database Server 8i and 9i allows remote attackers to read or rename arbitrary files via "\\.\\.." (modified dot dot backslash) sequences to UTL_FILE functions such as (1) UTL_FILE.FOPEN or (2) UTL_FILE.frename.

Remediation

References

CVE-2005-0701

Related Vulnerabilities

WebLogic CVE-2023-21979 Vulnerability (CVE-2023-21979)

WordPress Plugin PostmagThemes Demo Import Arbitrary File Upload (1.0.7)

PHP Other Vulnerability (CVE-2007-1710)

WordPress Plugin Blog2Social:Social Media Auto Post & Scheduler PHP Object Injection (5.7.0)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-33337)

Severity

Medium

Classification

CVE-2005-0701

Tags

Missing Update Known Vulnerabilities