VYPR

Application Server

by Oracle Corporation

CVEs (200)

  • CVE-2004-1363 Cri Aug 4, 2004
    risk 0.64 cvss 9.8 epss 0.09

    Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed.

  • CVE-2002-0840 Oct 11, 2002
    risk 0.11 cvss epss 0.94

    Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host:…

  • CVE-2002-0656 Aug 12, 2002
    risk 0.10 cvss epss 0.90

    Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3.

  • CVE-2002-0659 Aug 12, 2002
    risk 0.06 cvss epss 0.36

    The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.

  • CVE-2002-0568 Jul 3, 2002
    risk 0.06 cvss epss 0.75

    Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory.

  • CVE-2006-0287 Jan 18, 2006
    risk 0.05 cvss epss 0.25

    Unspecified vulnerability in the Oracle HTTP Server component of Oracle Database Server 10.1.0.5 and Application Server 10.1.2.0.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# OHS02.

  • CVE-2005-3204 Oct 14, 2005
    risk 0.05 cvss epss 0.21

    Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP request.

  • CVE-2005-1383 May 3, 2005
    risk 0.05 cvss epss 0.31

    The OHS component 1.0.2 through 10.x, when UseWebcacheIP is disabled, in Oracle Application Server allows remote attackers to bypass HTTP Server mod_access restrictions via a request to the webcache TCP port 7778.

  • CVE-2002-0386 Nov 4, 2002
    risk 0.05 cvss epss 0.22

    The administration module for Oracle Web Cache in Oracle9iAS (9i Application Suite) 9.0.2 allows remote attackers to cause a denial of service (crash) via (1) an HTTP GET request containing a ".." (dot dot) sequence, or (2) a malformed HTTP GET request with a chunked…

  • CVE-2001-0419 Jul 2, 2001
    risk 0.05 cvss epss 0.24

    Buffer overflow in shared library ndwfn4.so for iPlanet Web Server (iWS) 4.1, when used as a web listener for Oracle application server 4.0.8.2, allows remote attackers to execute arbitrary commands via a long HTTP request that is passed to the application server, such as /jsp/.

  • CVE-2000-0169 Mar 15, 2000
    risk 0.05 cvss epss 0.27

    Batch files in the Oracle web listener ows-bin directory allow remote attackers to execute commands via a malformed URL that includes '?&'.

  • CVE-2004-1364 Aug 4, 2004
    risk 0.04 cvss epss 0.14

    Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\bin directory.

  • CVE-2002-0563 Jul 3, 2002
    risk 0.04 cvss epss 0.51

    The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to access sensitive services without authentication, including Dynamic Monitoring Services (1) dms0, (2) dms/DMSDump, (3) servlet/DMSDump, (4) servlet/Spy, (5) soap/servlet/Spy, and…

  • CVE-2001-1217 Dec 21, 2001
    risk 0.04 cvss epss 0.54

    Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.

  • CVE-2007-3553 Jul 3, 2007
    risk 0.03 cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Rapid Install Web Server in Oracle Application Server 11i allows remote attackers to inject arbitrary web script or HTML via a URL to the "Secondary Login Page", as demonstrated using (1) pls/ and (2) pls/MSBEP004/. NOTE: the…

  • CVE-2006-0586 Feb 8, 2006
    risk 0.03 cvss epss 0.05

    Multiple SQL injection vulnerabilities in Oracle 10g Release 1 before CPU Jan 2006 allow remote attackers to execute arbitrary SQL commands via multiple parameters in (1) ATTACH_JOB, (2) HAS_PRIVS, and (3) OPEN_JOB functions in the SYS.KUPV$FT package; and (4) UPDATE_JOB, (5)…

  • CVE-2005-1496 May 11, 2005
    risk 0.03 cvss epss 0.38

    The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE JOB privileges to gain additional privileges by changing SESSION_USER to the SYS user.

  • CVE-2004-1774 Aug 31, 2004
    risk 0.03 cvss epss 0.03

    Buffer overflow in the SDO_CODE_SIZE procedure of the MD2 package (MDSYS.MD2.SDO_CODE_SIZE) in Oracle 10g before 10.1.0.2 Patch 2 allows local users to execute arbitrary code via a long LAYER parameter.

  • CVE-2004-1707 Jul 30, 2004
    risk 0.03 cvss epss 0.03

    The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified…

  • CVE-2004-2134 Jan 28, 2004
    risk 0.03 cvss epss 0.02

    Oracle toplink mapping workBench uses a weak encryption algorithm for passwords, which allows local users to decrypt the passwords.
