VYPR

Oracle9i

by Oracle Corporation

CVEs (52)

  • CVE-2002-1118Oct 28, 2002
    risk 0.00cvss epss 0.03

    TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and Oracle 8i 8.1.x, allows remote attackers to cause a denial of service (hang or crash) via a SERVICE_CURLOAD command.

  • CVE-2002-0856Sep 5, 2002
    risk 0.00cvss epss 0.03

    SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote attackers to cause a denial of service (crash) via certain debug requests that are not properly handled by the debugging feature.

  • CVE-2002-0858Sep 5, 2002
    risk 0.00cvss epss 0.02

    catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a default dbsnmp password, which allows attackers to perform restricted database operations and possibly gain other privileges.

  • CVE-2002-0509Aug 12, 2002
    risk 0.00cvss epss 0.03

    Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a single malformed TCP packet to port 1521.

  • CVE-2002-0560Jul 3, 2002
    risk 0.00cvss epss 0.04

    PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to obtain sensitive information via the OWA_UTIL stored procedures (1) OWA_UTIL.signature, (2) OWA_UTIL.listprint, or (3) OWA_UTIL.show_query_columns.

  • CVE-2002-0565Jul 3, 2002
    risk 0.00cvss epss 0.06

    Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with world-readable permissions under the web root, which allows remote attackers to obtain sensitive information derived from the JSP code, including usernames and passwords, via a direct HTTP request to _pages.

  • CVE-2002-0571Jul 3, 2002
    risk 0.00cvss epss 0.03

    Oracle Oracle9i database server 9.0.1.x allows local users to access restricted data via a SQL query using ANSI outer join syntax.

  • CVE-2002-0566Jul 3, 2002
    risk 0.00cvss epss 0.04

    PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to cause a denial of service (crash) via an HTTP Authorization header without an authentication type.

  • CVE-2002-0564Jul 3, 2002
    risk 0.00cvss epss 0.05

    PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to bypass authentication for a Database Access Descriptor (DAD) by modifying the URL to reference an alternate DAD that already has valid credentials.

  • CVE-2001-0516Jul 21, 2001
    risk 0.00cvss epss 0.02

    Oracle listener between Oracle 9i and Oracle 8.0 allows remote attackers to cause a denial of service via a malformed connection packet that contains an incorrect requester_version value that does not match an expected offset to the data.

  • CVE-2001-0518Jul 21, 2001
    risk 0.00cvss epss 0.02

    Oracle listener before Oracle 9i allows attackers to cause a denial of service by repeatedly sending the first portion of a fragmented Oracle command without sending the remainder of the command, which causes the listener to hang.

  • CVE-2001-0513Jul 21, 2001
    risk 0.00cvss epss 0.03

    Oracle listener process on Windows NT redirects connection requests to another port and creates a separate thread to process the request, which allows remote attackers to cause a denial of service by repeatedly connecting to the Oracle listener but not connecting to the…

Page 3 of 3