VYPR

Application Server

by Oracle Corporation

CVEs (200)

  • CVE-2002-1089Oct 4, 2002
    risk 0.03cvss epss 0.05

    rwcgi60 CGI program in Oracle Reports Server, by design, provides sensitive information such as the full pathname, which could enable remote attackers to use the information in additional attacks.

  • CVE-2002-0843Oct 11, 2002
    risk 0.02cvss epss 0.21

    Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.

  • CVE-2002-0569Jul 3, 2002
    risk 0.02cvss epss 0.19

    Oracle 9i Application Server allows remote attackers to bypass access restrictions for configuration files via a direct request to the XSQL Servlet (XSQLServlet).

  • CVE-2009-0993Apr 15, 2009
    risk 0.01cvss epss 0.08

    Unspecified vulnerability in the OPMN component in Oracle Application Server 10.1.2.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not…

  • CVE-2007-0222Jan 17, 2007
    risk 0.01cvss epss 0.11

    Directory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to read arbitrary files via unknown vectors, probably "\.." sequences in the beanId parameter. NOTE: this is likely a duplicate of another CVE…

  • CVE-2006-0283Jan 18, 2006
    risk 0.01cvss epss 0.07

    Unspecified vulnerability in Oracle Database Server 10.1.0.4.2, Application Server 10.1.2.0.2, and Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i) has unspecified impact and attack vectors, as identified by Oracle Vuln# DBC02 in the Reorganize Objects & Convert…

  • CVE-2006-0289Jan 18, 2006
    risk 0.01cvss epss 0.11

    Multiple unspecified vulnerabilities in Oracle Application Server 6.0.8.26(PS17) and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) REP05 and (2) REP06 in the Oracle Reports Developer component. NOTE:…

  • CVE-2006-0288Jan 18, 2006
    risk 0.01cvss epss 0.07

    Multiple unspecified vulnerabilities in the Oracle Reports Developer component of Oracle Application Server 9.0.4.1 and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) REP01 and (2) REP02.

  • CVE-2004-1366Aug 4, 2004
    risk 0.01cvss epss 0.15

    Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges.

  • CVE-2004-1365Aug 4, 2004
    risk 0.01cvss epss 0.07

    Extproc in Oracle 9i and 10g does not require authentication to load a library or execute a function, which allows local users to execute arbitrary commands as the Oracle user.

  • CVE-2004-1371Aug 4, 2004
    risk 0.01cvss epss 0.11

    Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure.

  • CVE-2004-1362Aug 4, 2004
    risk 0.01cvss epss 0.09

    The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform character conversions properly, which allows remote attackers to bypass access restrictions for certain procedures via an encoded URL with…

  • CVE-2004-1367Aug 4, 2004
    risk 0.01cvss epss 0.07

    Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that…

  • CVE-2002-0842Mar 3, 2003
    risk 0.01cvss epss 0.15

    Format string vulnerability in certain third party modifications to mod_dav for logging bad gateway messages (e.g. Oracle9i Application Server 9.0.2) allows remote attackers to execute arbitrary code via a destination URI that forces a "502 Bad Gateway" response, which causes…

  • CVE-2002-1631Dec 31, 2002
    risk 0.01cvss epss 0.08

    SQL injection vulnerability in the query.xsql sample page in Oracle 9i Application Server (9iAS) allows remote attackers to execute arbitrary code via the sql parameter.

  • CVE-2002-2153Dec 31, 2002
    risk 0.01cvss epss 0.07

    Format string vulnerability in the administrative pages of the PL/SQL module for Oracle Application Server 4.0.8 and 4.0.8 2 allows remote attackers to execute arbitrary code.

  • CVE-2002-1630Dec 31, 2002
    risk 0.01cvss epss 0.07

    The sendmail.jsp sample page in Oracle 9i Application Server (9iAS) allows remote attackers to send arbitrary emails.

  • CVE-2002-0947Oct 4, 2002
    risk 0.01cvss epss 0.10

    Buffer overflow in rwcgi60 CGI program for Oracle Reports Server 6.0.8.18.0 and earlier, as used in Oracle9iAS and other products, allows remote attackers to execute arbitrary code via a long database name parameter.

  • CVE-2002-0655Aug 12, 2002
    risk 0.01cvss epss 0.08

    OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code.

  • CVE-2002-0561Jul 3, 2002
    risk 0.01cvss epss 0.10

    The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and modify DAD settings.

Page 2 of 10