Description

Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges.

Remediation

References

CVE-2004-1366

Related Vulnerabilities

Zope Web Application Server Other Vulnerability (CVE-2000-1212)

Django Download of Code Without Integrity Check Vulnerability (CVE-2022-36359)

WebLogic Improper Certificate Validation Vulnerability (CVE-2020-9488)

WordPress Plugin PhotoSmash Galleries Arbitrary File Upload (1.0.7)

WordPress Plugin Multiple Roles Cross-Site Request Forgery (1.3.1)

Severity

Medium

Classification

CVE-2004-1366

Tags

Missing Update Known Vulnerabilities