Description

The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE JOB privileges to gain additional privileges by changing SESSION_USER to the SYS user.

Remediation

References

CVE-2005-1496

Related Vulnerabilities

WordPress Plugin Happy Addons for Elementor Cross-Site Scripting (2.23.0)

PrestaShop Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-19124)

Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2017-17485)

WordPress Plugin Timeline Calendar SQL Injection (1.2)

WordPress Plugin Simple Instagram Feed Cross-Site Scripting (1.3)

Severity

Medium

Classification

CVE-2005-1496

Tags

Missing Update Known Vulnerabilities