Description
The installation process for Oracle 10g and llg uses accounts with default passwords, which allows remote attackers to obtain login access by connecting to the Listener. NOTE: at the end of the installation, if performed using the Database Configuration Assistant (DBCA), most accounts are disabled or their passwords are changed.
Remediation
References
Related Vulnerabilities
Magento Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-7857)
IBM WebSEAL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1476)
WordPress Plugin iframe Cross-Site Scripting (4.0)
WordPress Plugin Events Manager Extended 'admin.php' SQL Injection (3.1.2)
WordPress Plugin Category Specific RSS feed Subscription Cross-Site Request Forgery (2.0)