"Shutdown TNS Listener via Oracle iSQL*Plus" - Alex details how a connect to iSQL*Plus can be used to construct a TNS connect string that includes a STOP command for the listener.
"Shutdown TNS Listener via Oracle Forms Servlet" - Alex demonstrates basically the same issue except that this time the TNS command is sent from Forms
"Plaintext Password Vulnerabilitiy during Installation of Oracle HTMLDB" - Alex points out that the SYS password used to install HTMLDB is logged to a file in plain text
"Cross-Site-Scripting Vulnerabilities in Oracle HTMLDB" - Alex shows how to send a crafted URL that includes SQL that can be executed in the database.
"Cross-Site-Scripting Vulnerability in Oracle iSQL*Plus" - Alex demonstrates a cross site scripting vulnerability that pops up a windows when an SQL statement is executed.
"Cross-Site-Scripting Vulnerability in Oracle XMLDB" - Alex again demonstrates how XMLDB can be used to pop up a window.
All of these 6 bugs are fixed in CPU July 2005.