Application Server
CVEs (200)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2002-1089 | 0.03 | — | 0.05 | Oct 4, 2002 | rwcgi60 CGI program in Oracle Reports Server, by design, provides sensitive information such as the full pathname, which could enable remote attackers to use the information in additional attacks. | |||
| CVE-2002-0843 | 0.02 | — | 0.21 | Oct 11, 2002 | Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response. | |||
| CVE-2002-0569 | 0.02 | — | 0.19 | Jul 3, 2002 | Oracle 9i Application Server allows remote attackers to bypass access restrictions for configuration files via a direct request to the XSQL Servlet (XSQLServlet). | |||
| CVE-2009-0993 | 0.01 | — | 0.08 | Apr 15, 2009 | Unspecified vulnerability in the OPMN component in Oracle Application Server 10.1.2.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not… | |||
| CVE-2007-0222 | 0.01 | — | 0.11 | Jan 17, 2007 | Directory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to read arbitrary files via unknown vectors, probably "\.." sequences in the beanId parameter. NOTE: this is likely a duplicate of another CVE… | |||
| CVE-2006-0283 | 0.01 | — | 0.07 | Jan 18, 2006 | Unspecified vulnerability in Oracle Database Server 10.1.0.4.2, Application Server 10.1.2.0.2, and Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i) has unspecified impact and attack vectors, as identified by Oracle Vuln# DBC02 in the Reorganize Objects & Convert… | |||
| CVE-2006-0289 | 0.01 | — | 0.11 | Jan 18, 2006 | Multiple unspecified vulnerabilities in Oracle Application Server 6.0.8.26(PS17) and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) REP05 and (2) REP06 in the Oracle Reports Developer component. NOTE:… | |||
| CVE-2006-0288 | 0.01 | — | 0.07 | Jan 18, 2006 | Multiple unspecified vulnerabilities in the Oracle Reports Developer component of Oracle Application Server 9.0.4.1 and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) REP01 and (2) REP02. | |||
| CVE-2004-1366 | 0.01 | — | 0.15 | Aug 4, 2004 | Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges. | |||
| CVE-2004-1365 | 0.01 | — | 0.07 | Aug 4, 2004 | Extproc in Oracle 9i and 10g does not require authentication to load a library or execute a function, which allows local users to execute arbitrary commands as the Oracle user. | |||
| CVE-2004-1371 | 0.01 | — | 0.11 | Aug 4, 2004 | Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure. | |||
| CVE-2004-1362 | 0.01 | — | 0.09 | Aug 4, 2004 | The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform character conversions properly, which allows remote attackers to bypass access restrictions for certain procedures via an encoded URL with… | |||
| CVE-2004-1367 | 0.01 | — | 0.07 | Aug 4, 2004 | Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that… | |||
| CVE-2002-0842 | 0.01 | — | 0.15 | Mar 3, 2003 | Format string vulnerability in certain third party modifications to mod_dav for logging bad gateway messages (e.g. Oracle9i Application Server 9.0.2) allows remote attackers to execute arbitrary code via a destination URI that forces a "502 Bad Gateway" response, which causes… | |||
| CVE-2002-1631 | 0.01 | — | 0.08 | Dec 31, 2002 | SQL injection vulnerability in the query.xsql sample page in Oracle 9i Application Server (9iAS) allows remote attackers to execute arbitrary code via the sql parameter. | |||
| CVE-2002-2153 | 0.01 | — | 0.07 | Dec 31, 2002 | Format string vulnerability in the administrative pages of the PL/SQL module for Oracle Application Server 4.0.8 and 4.0.8 2 allows remote attackers to execute arbitrary code. | |||
| CVE-2002-1630 | 0.01 | — | 0.07 | Dec 31, 2002 | The sendmail.jsp sample page in Oracle 9i Application Server (9iAS) allows remote attackers to send arbitrary emails. | |||
| CVE-2002-0947 | 0.01 | — | 0.10 | Oct 4, 2002 | Buffer overflow in rwcgi60 CGI program for Oracle Reports Server 6.0.8.18.0 and earlier, as used in Oracle9iAS and other products, allows remote attackers to execute arbitrary code via a long database name parameter. | |||
| CVE-2002-0655 | 0.01 | — | 0.08 | Aug 12, 2002 | OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code. | |||
| CVE-2002-0561 | 0.01 | — | 0.10 | Jul 3, 2002 | The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and modify DAD settings. |
- CVE-2002-1089Oct 4, 2002risk 0.03cvss —epss 0.05
rwcgi60 CGI program in Oracle Reports Server, by design, provides sensitive information such as the full pathname, which could enable remote attackers to use the information in additional attacks.
- CVE-2002-0843Oct 11, 2002risk 0.02cvss —epss 0.21
Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
- CVE-2002-0569Jul 3, 2002risk 0.02cvss —epss 0.19
Oracle 9i Application Server allows remote attackers to bypass access restrictions for configuration files via a direct request to the XSQL Servlet (XSQLServlet).
- CVE-2009-0993Apr 15, 2009risk 0.01cvss —epss 0.08
Unspecified vulnerability in the OPMN component in Oracle Application Server 10.1.2.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not…
- CVE-2007-0222Jan 17, 2007risk 0.01cvss —epss 0.11
Directory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to read arbitrary files via unknown vectors, probably "\.." sequences in the beanId parameter. NOTE: this is likely a duplicate of another CVE…
- CVE-2006-0283Jan 18, 2006risk 0.01cvss —epss 0.07
Unspecified vulnerability in Oracle Database Server 10.1.0.4.2, Application Server 10.1.2.0.2, and Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i) has unspecified impact and attack vectors, as identified by Oracle Vuln# DBC02 in the Reorganize Objects & Convert…
- CVE-2006-0289Jan 18, 2006risk 0.01cvss —epss 0.11
Multiple unspecified vulnerabilities in Oracle Application Server 6.0.8.26(PS17) and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) REP05 and (2) REP06 in the Oracle Reports Developer component. NOTE:…
- CVE-2006-0288Jan 18, 2006risk 0.01cvss —epss 0.07
Multiple unspecified vulnerabilities in the Oracle Reports Developer component of Oracle Application Server 9.0.4.1 and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) REP01 and (2) REP02.
- CVE-2004-1366Aug 4, 2004risk 0.01cvss —epss 0.15
Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges.
- CVE-2004-1365Aug 4, 2004risk 0.01cvss —epss 0.07
Extproc in Oracle 9i and 10g does not require authentication to load a library or execute a function, which allows local users to execute arbitrary commands as the Oracle user.
- CVE-2004-1371Aug 4, 2004risk 0.01cvss —epss 0.11
Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure.
- CVE-2004-1362Aug 4, 2004risk 0.01cvss —epss 0.09
The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform character conversions properly, which allows remote attackers to bypass access restrictions for certain procedures via an encoded URL with…
- CVE-2004-1367Aug 4, 2004risk 0.01cvss —epss 0.07
Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that…
- CVE-2002-0842Mar 3, 2003risk 0.01cvss —epss 0.15
Format string vulnerability in certain third party modifications to mod_dav for logging bad gateway messages (e.g. Oracle9i Application Server 9.0.2) allows remote attackers to execute arbitrary code via a destination URI that forces a "502 Bad Gateway" response, which causes…
- CVE-2002-1631Dec 31, 2002risk 0.01cvss —epss 0.08
SQL injection vulnerability in the query.xsql sample page in Oracle 9i Application Server (9iAS) allows remote attackers to execute arbitrary code via the sql parameter.
- CVE-2002-2153Dec 31, 2002risk 0.01cvss —epss 0.07
Format string vulnerability in the administrative pages of the PL/SQL module for Oracle Application Server 4.0.8 and 4.0.8 2 allows remote attackers to execute arbitrary code.
- CVE-2002-1630Dec 31, 2002risk 0.01cvss —epss 0.07
The sendmail.jsp sample page in Oracle 9i Application Server (9iAS) allows remote attackers to send arbitrary emails.
- CVE-2002-0947Oct 4, 2002risk 0.01cvss —epss 0.10
Buffer overflow in rwcgi60 CGI program for Oracle Reports Server 6.0.8.18.0 and earlier, as used in Oracle9iAS and other products, allows remote attackers to execute arbitrary code via a long database name parameter.
- CVE-2002-0655Aug 12, 2002risk 0.01cvss —epss 0.08
OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code.
- CVE-2002-0561Jul 3, 2002risk 0.01cvss —epss 0.10
The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and modify DAD settings.
Page 2 of 10