Description

Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges.

Remediation

References

CVE-2004-1366

Related Vulnerabilities

WordPress Plugin Zingiri Web Shop Unspecified Vulnerability (2.6.5)

Oracle Application Server Resource Management Errors Vulnerability (CVE-2007-2120)

WordPress Plugin WP-AutoYoutube 'index.php' Script SQL Injection (0.1)

WordPress Plugin WP Mailto Links-Manage Email Links Cross-Site Scripting (2.0.1)

WordPress Plugin Postmatic-Post and comment subscriptions that invite you to hit reply Cross-Site Scripting (1.4.5)

Severity

Medium

Classification

CVE-2004-1366

Tags

Missing Update Known Vulnerabilities