Description

The DIRECTORY objects in Oracle 8i through Oracle 10g contain the location of a specific operating system directory, which allows users with read privileges to a DIRECTORY object to obtain sensitive information.

Remediation

References

CVE-2005-0298

Related Vulnerabilities

Envoy Proxy Always-Incorrect Control Flow Implementation Vulnerability (CVE-2022-21655)

Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-14998)

Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-32615)

PHP NULL Pointer Dereference Vulnerability (CVE-2016-7131)

WordPress Plugin Sendit WP Newsletter 'id' Parameter SQL Injection (2.1.0)

Severity

Medium

Classification

CVE-2005-0298

Tags

Missing Update Known Vulnerabilities