Oracle9i
CVEs (52)
| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2002-1264 | 0.01 | — | 0.08 | Nov 12, 2002 | Buffer overflow in Oracle iSQL*Plus web application of the Oracle 9 database server allows remote attackers to execute arbitrary code via a long USERID parameter in the isqlplus URL. |
| CVE-2002-0561 | 0.01 | — | 0.10 | Jul 3, 2002 | The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and modify DAD settings. |
| CVE-2002-0562 | 0.01 | — | 0.07 | Jul 3, 2002 | The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa. |
| CVE-2002-0559 | 0.01 | — | 0.13 | Jul 3, 2002 | Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote attackers to cause a denial of service or execute arbitrary code via (1) a long help page request without a dadname, which overflows the resulting HTTP Location header, (2) a long… |
| CVE-2002-0567 | 0.01 | — | 0.09 | Jul 3, 2002 | Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass authentication and execute arbitrary functions by using the TNS Listener to directly connect to the EXTPROC process. |
| CVE-2006-1705 | 0.00 | — | 0.01 | Apr 11, 2006 | Oracle Database 9.2.0.0 to 10.2.0.3 allows local users with "SELECT" privileges for a base table to insert, update, or delete data by creating a crafted view then performing the operations on that view. |
| CVE-2006-0552 | 0.00 | — | 0.05 | Feb 4, 2006 | Unspecified vulnerability in the Net Listener component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, and 9.2.0.7 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB11. |
| CVE-2006-0271 | 0.00 | — | 0.03 | Jan 18, 2006 | Unspecified vulnerability in the Upgrade & Downgrade component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB28. NOTE: details are unavailable from Oracle, but they have not publicly… |
| CVE-2006-0272 | 0.00 | — | 0.06 | Jan 18, 2006 | Unspecified vulnerability in the XML Database component of Oracle Database server 9.2.0.7 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB29. NOTE: based on mutual credits by the relevant sources, it is highly likely that this issue is a… |
| CVE-2006-0262 | 0.00 | — | 0.04 | Jan 18, 2006 | Unspecified vulnerability in the Net Foundation Layer component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.6, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB08. |
| CVE-2005-3641 | 0.00 | — | 0.05 | Nov 16, 2005 | Oracle Databases running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication by supplying a valid username. |
| CVE-2005-1495 | 0.00 | — | 0.03 | May 11, 2005 | Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the SYS user executes a SELECT statement on an FGA object, which makes it easier for attackers to escape detection. |
| CVE-2004-2244 | 0.00 | — | 0.03 | Dec 31, 2004 | The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and 9.0.3.1, 9.0.2.3 and earlier, and Release 1 1.0.2.2 and 1.0.2.2.2, and Database Server Release 2 9.2.0.1 and later, allows remote attackers to cause a denial of service (CPU and memory consumption) via a SOAP… |
| CVE-2004-1338 | 0.00 | — | 0.01 | Dec 23, 2004 | The triggers in Oracle 9i and 10g allow local users to gain privileges by using a sequence of partially privileged actions: using CCBKAPPLROWTRIG or EXEC_CBK_FN_DML to add arbitrary functions to the SDO_CMT_DBK_FN_TABLE and SDO_CMT_CBK_DML_TABLE, then performing a DELETE on the… |
| CVE-2004-1339 | 0.00 | — | 0.01 | Dec 23, 2004 | SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1 and (2) MDSYS.SDO_LRS_TRIG_INS default triggers in Oracle 9i and 10g allows remote attackers to execute arbitrary SQL commands via the new.table_name or new.column_name parameters. |
| CVE-2004-1369 | 0.00 | — | 0.06 | Aug 4, 2004 | The TNS Listener in Oracle 10g allows remote attackers to cause a denial of service (listener crash) via a malformed service_register_NSGR request containing a value that is used as an invalid offset for a pointer that references incorrect memory. |
| CVE-2004-1370 | 0.00 | — | 0.04 | Aug 4, 2004 | Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to execute arbitrary SQL commands and gain privileges via (1) DBMS_EXPORT_EXTENSION, (2) WK_ACL.GET_ACL, (3) WK_ACL.STORE_ACL, (4)… |
| CVE-2004-1368 | 0.00 | — | 0.06 | Aug 4, 2004 | ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script. |
| CVE-2003-0894 | 0.00 | — | 0.01 | Nov 17, 2003 | Buffer overflow in the (1) oracle and (2) oracleO programs in Oracle 9i Database 9.0.x and 9.2.x before 9.2.0.4 allows local users to execute arbitrary code via a long command line argument. |
| CVE-2003-1193 | 0.00 | — | 0.02 | Nov 3, 2003 | Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL. |