Vendor CVEs
Oracle Corporation
All CVEs
10,082 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2004-1368 | 0.00 | — | 0.06 | Aug 4, 2004 | ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script. | |||
| CVE-2004-1369 | 0.00 | — | 0.06 | Aug 4, 2004 | The TNS Listener in Oracle 10g allows remote attackers to cause a denial of service (listener crash) via a malformed service_register_NSGR request containing a value that is used as an invalid offset for a pointer that references incorrect memory. | |||
| CVE-2004-1370 | 0.00 | — | 0.04 | Aug 4, 2004 | Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to execute arbitrary SQL commands and gain privileges via (1) DBMS_EXPORT_EXTENSION, (2) WK_ACL.GET_ACL, (3) WK_ACL.STORE_ACL, (4)… | |||
| CVE-2004-0388 | 0.00 | — | 0.01 | Jun 1, 2004 | The mysqld_multi script in MySQL allows local users to overwrite arbitrary files via a symlink attack. | |||
| CVE-2004-0381 | 0.00 | — | 0.01 | May 4, 2004 | mysqlbug in MySQL allows local users to overwrite arbitrary files via a symlink attack on the failed-mysql-bugreport temporary file. | |||
| CVE-2004-1877 | 0.00 | — | 0.03 | Mar 30, 2004 | The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and… | |||
| CVE-2003-1331 | 0.00 | — | 0.03 | Dec 31, 2003 | Stack-based buffer overflow in the mysql_real_connect function in the MySql client library (libmysqlclient) 4.0.13 and earlier allows local users to execute arbitrary code via a long socket name, a different vulnerability than CVE-2001-1453. | |||
| CVE-2003-1116 | 0.00 | — | 0.04 | Dec 31, 2003 | The communications protocol for the Report Review Agent (RRA), aka FND File Server (FNDFS) program, in Oracle E-Business Suite 10.7, 11.0, and 11.5.1 to 11.5.8 allows remote attackers to bypass authentication and obtain sensitive information from the Oracle Applications… | |||
| CVE-2003-0627 | 0.00 | — | 0.02 | Dec 31, 2003 | psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote attackers to cause a denial of service (application crash), possibly via the headername and footername arguments. | |||
| CVE-2003-1229 | 0.00 | — | 0.05 | Dec 31, 2003 | X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01, (2) JSSE before 1.0.3, (3) Java Plug-in SDK and JRE 1.3.0 through 1.4.1, and (4) Java Web Start 1.0 through 1.2 incorrectly calls the isClientTrusted method when determining server… | |||
| CVE-2003-0629 | 0.00 | — | 0.01 | Dec 15, 2003 | Cross-site scripting (XSS) vulnerability in PeopleSoft IScript environment for PeopleTools 8.43 and earlier allows remote attackers to insert arbitrary web script via a certain HTTP request to IScript. | |||
| CVE-2003-0950 | 0.00 | — | 0.02 | Dec 15, 2003 | PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x allows remote attackers to execute arbitrary commands by uploading a file to the IClient Servlet, guessing the insufficiently random (system time) name of the directory used to store the file, and directly requesting that file. | |||
| CVE-2003-0628 | 0.00 | — | 0.01 | Dec 15, 2003 | PeopleSoft Gateway Administration servlet (gateway.administration) in PeopleTools 8.43 and earlier allows remote attackers to obtain the full pathnames for server-side include (SSI) files via an HTTP request with an invalid value. | |||
| CVE-2003-0894 | 0.00 | — | 0.01 | Nov 17, 2003 | Buffer overflow in the (1) oracle and (2) oracleO programs in Oracle 9i Database 9.0.x and 9.2.x before 9.2.0.4 allows local users to execute arbitrary code via a long command line argument. | |||
| CVE-2003-0841 | 0.00 | — | 0.02 | Nov 17, 2003 | The grid option in PeopleSoft 8.42 stores temporary .xls files in guessable directories under the web document root, which allows remote attackers to steal search results by directly accessing the files via a URL request. | |||
| CVE-2003-0626 | 0.00 | — | 0.02 | Nov 13, 2003 | psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote attackers to read arbitrary files via the (1) headername or (2) footername arguments. | |||
| CVE-2003-1193 | 0.00 | — | 0.02 | Nov 3, 2003 | Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL. | |||
| CVE-2003-1183 | 0.00 | — | 0.01 | Oct 28, 2003 | The WebCache component in Oracle Files 9.0.3.1.0, 9.0.3.2.0, and 9.0.3.3.0 of Oracle Collaboration Suite Release 1 caches files despite the cacheability rules imposed by Oracle Files, which allows local users to gain access. | |||
| CVE-2003-0632 | 0.00 | — | 0.05 | Aug 27, 2003 | Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) CGI program (FNDWRR.exe) of Oracle E-Business Suite 11.0 and 11.5.1 through 11.5.8 may allow remote attackers to execute arbitrary code via a long URL. | |||
| CVE-2003-0633 | 0.00 | — | 0.03 | Aug 27, 2003 | Multiple vulnerabilities in aoljtest.jsp of Oracle Applications AOL/J Setup Test Suite in Oracle E-Business Suite 11.5.1 through 11.5.8 allow a remote attacker to obtain sensitive information without authentication, such as the GUEST user password and the application server… | |||
| CVE-2003-0104 | 0.00 | — | 0.02 | Mar 18, 2003 | Directory traversal vulnerability in PeopleTools 8.10 through 8.18, 8.40, and 8.41 allows remote attackers to overwrite arbitrary files via the SchedulerTransfer servlet. | |||
| CVE-2003-0073 | 0.00 | — | 0.03 | Feb 19, 2003 | Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user. | |||
| CVE-2002-1252 | 0.00 | — | 0.01 | Feb 7, 2003 | The Application Messaging Gateway for PeopleTools 8.1x before 8.19, as used in various PeopleSoft products, allows remote attackers to read arbitrary files via certain XML External Entities (XXE) fields in an HTTP POST request that is processed by the SimpleFileHandler handler. | |||
| CVE-2002-1921 | 0.00 | — | 0.03 | Dec 31, 2002 | The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does set the bind address to the loopback interface, which allows remote attackers to connect to the database. | |||
| CVE-2002-1632 | 0.00 | — | 0.05 | Dec 31, 2002 | Oracle 9i Application Server (9iAS) installs multiple sample pages that allow remote attackers to obtain environment variables and other sensitive information via (1) info.jsp, (2) printenv, (3) echo, or (4) echo2. | |||
| CVE-2002-1923 | 0.00 | — | 0.03 | Dec 31, 2002 | The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection. | |||
| CVE-2002-2345 | 0.00 | — | 0.01 | Dec 31, 2002 | Oracle 9i Application Server 9.0.2 stores the web cache administrator interface password in plaintext, which allows remote attackers to gain access. | |||
| CVE-2002-1858 | 0.00 | — | 0.05 | Dec 31, 2002 | Oracle Oracle9i Application Server 1.0.2.2 and 9.0.2 through 9.0.2.0.1, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a… | |||
| CVE-2002-2347 | 0.00 | — | 0.02 | Dec 31, 2002 | Cross-site scripting (XSS) vulnerability in Oracle Java Server Page (OJSP) demo files (1) hellouser.jsp, (2) welcomeuser.jsp and (3) usebean.jsp in Oracle 9i Application Server 9.0.2, 1.0.2.2, 1.0.2.1s and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via… | |||
| CVE-2002-1666 | 0.00 | — | 0.02 | Dec 31, 2002 | Unknown vulnerability in Oracle E-Business Suite 11i.1 through 11i.6 allows remote attackers to execute unauthorized PL/SQL procedures by modifying the Oracle Applications URL. | |||
| CVE-2002-1636 | 0.00 | — | 0.02 | Dec 31, 2002 | Cross-site scripting (XSS) vulnerability in the htp PL/SQL package for Oracle 9i Application Server (9iAS) allows remote attackers to inject arbitrary web script or HTML via the cbuf parameter to htp.print. | |||
| CVE-2002-1635 | 0.00 | — | 0.04 | Dec 31, 2002 | The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of… | |||
| CVE-2002-1882 | 0.00 | — | 0.05 | Dec 31, 2002 | Unknown vulnerability in AolSecurityPrivate.class in Oracle E-Business Suite 11i 11.1 through 11.6 allows remote attackers to bypass user authentication checks via unknown attack vectors. | |||
| CVE-2002-1373 | 0.00 | — | 0.04 | Dec 23, 2002 | Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative integers to be provided to a memcpy call. | |||
| CVE-2002-1118 | 0.00 | — | 0.03 | Oct 28, 2002 | TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and Oracle 8i 8.1.x, allows remote attackers to cause a denial of service (hang or crash) via a SERVICE_CURLOAD command. | |||
| CVE-2002-0858 | 0.00 | — | 0.02 | Sep 5, 2002 | catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a default dbsnmp password, which allows attackers to perform restricted database operations and possibly gain other privileges. | |||
| CVE-2002-0856 | 0.00 | — | 0.03 | Sep 5, 2002 | SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote attackers to cause a denial of service (crash) via certain debug requests that are not properly handled by the debugging feature. | |||
| CVE-2002-0509 | 0.00 | — | 0.03 | Aug 12, 2002 | Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a single malformed TCP packet to port 1521. | |||
| CVE-2002-0566 | 0.00 | — | 0.04 | Jul 3, 2002 | PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to cause a denial of service (crash) via an HTTP Authorization header without an authentication type. | |||
| CVE-2002-0564 | 0.00 | — | 0.05 | Jul 3, 2002 | PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to bypass authentication for a Database Access Descriptor (DAD) by modifying the URL to reference an alternate DAD that already has valid credentials. | |||
| CVE-2002-0565 | 0.00 | — | 0.06 | Jul 3, 2002 | Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with world-readable permissions under the web root, which allows remote attackers to obtain sensitive information derived from the JSP code, including usernames and passwords, via a direct HTTP request to _pages. | |||
| CVE-2002-0560 | 0.00 | — | 0.04 | Jul 3, 2002 | PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to obtain sensitive information via the OWA_UTIL stored procedures (1) OWA_UTIL.signature, (2) OWA_UTIL.listprint, or (3) OWA_UTIL.show_query_columns. | |||
| CVE-2002-0571 | 0.00 | — | 0.03 | Jul 3, 2002 | Oracle Oracle9i database server 9.0.1.x allows local users to access restricted data via a SQL query using ANSI outer join syntax. | |||
| CVE-2002-1640 | 0.00 | — | 0.05 | Apr 1, 2002 | Multiple cross-site scripting (XSS) vulnerabilities in Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote attackers to inject arbitrary web script or HTML via (1) Text Features in the DHTML UI or (2) the test parameter to the oracle.apps.cz.servlet.UiServlet… | |||
| CVE-2002-1639 | 0.00 | — | 0.05 | Apr 1, 2002 | Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote attackers to obtain sensitive information via a request to the oracle.apps.cz.servlet.UiServlet servlet with the test parameter set to "version" or "host". | |||
| CVE-2002-0103 | 0.00 | — | 0.01 | Mar 25, 2002 | An installer program for Oracle9iAS Web Cache 2.0.0.x creates executable and configuration files with insecure permissions, which allows local users to gain privileges by (1) running webcached or (2) obtaining the administrator password from webcache.xml. | |||
| CVE-2002-0102 | 0.00 | — | 0.04 | Mar 25, 2002 | Oracle9iAS Web Cache 2.0.0.x allows remote attackers to cause a denial of service via (1) a request to TCP ports 1100, 4000, 4001, and 4002 with a large number of null characters, and (2) a request to TCP port 4000 with a large number of "." characters. | |||
| CVE-2002-1637 | 0.00 | — | 0.01 | Feb 26, 2002 | Multiple components in Oracle 9i Application Server (9iAS) are installed with over 160 default usernames and passwords, including (1) SYS, (2) SYSTEM, (3) AQJAVA, (4) OWA, (5) IMAGEUSER, (6) USER1, (7) USER2, (8) PLSQL, (9) DEMO, (10) FINANCE, and many others, which allows… | |||
| CVE-2001-1372 | 0.00 | — | 0.06 | Feb 6, 2002 | Oracle 9i Application Server 1.0.2 allows remote attackers to obtain the physical path of a file under the server root via a request for a non-existent .JSP file, which leaks the pathname in an error message. | |||
| CVE-2001-0832 | 0.00 | — | 0.00 | Dec 6, 2001 | Vulnerability in Oracle 8.0.x through 9.0.1 on Unix allows local users to overwrite arbitrary files, possibly via a symlink attack or incorrect file permissions in (1) the ORACLE_HOME/rdbms/log directory or (2) an alternate directory as specified in the ORACLE_HOME environmental… |
- CVE-2004-1368Aug 4, 2004risk 0.00cvss —epss 0.06
ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script.
- CVE-2004-1369Aug 4, 2004risk 0.00cvss —epss 0.06
The TNS Listener in Oracle 10g allows remote attackers to cause a denial of service (listener crash) via a malformed service_register_NSGR request containing a value that is used as an invalid offset for a pointer that references incorrect memory.
- CVE-2004-1370Aug 4, 2004risk 0.00cvss —epss 0.04
Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to execute arbitrary SQL commands and gain privileges via (1) DBMS_EXPORT_EXTENSION, (2) WK_ACL.GET_ACL, (3) WK_ACL.STORE_ACL, (4)…
- CVE-2004-0388Jun 1, 2004risk 0.00cvss —epss 0.01
The mysqld_multi script in MySQL allows local users to overwrite arbitrary files via a symlink attack.
- CVE-2004-0381May 4, 2004risk 0.00cvss —epss 0.01
mysqlbug in MySQL allows local users to overwrite arbitrary files via a symlink attack on the failed-mysql-bugreport temporary file.
- CVE-2004-1877Mar 30, 2004risk 0.00cvss —epss 0.03
The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and…
- CVE-2003-1331Dec 31, 2003risk 0.00cvss —epss 0.03
Stack-based buffer overflow in the mysql_real_connect function in the MySql client library (libmysqlclient) 4.0.13 and earlier allows local users to execute arbitrary code via a long socket name, a different vulnerability than CVE-2001-1453.
- CVE-2003-1116Dec 31, 2003risk 0.00cvss —epss 0.04
The communications protocol for the Report Review Agent (RRA), aka FND File Server (FNDFS) program, in Oracle E-Business Suite 10.7, 11.0, and 11.5.1 to 11.5.8 allows remote attackers to bypass authentication and obtain sensitive information from the Oracle Applications…
- CVE-2003-0627Dec 31, 2003risk 0.00cvss —epss 0.02
psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote attackers to cause a denial of service (application crash), possibly via the headername and footername arguments.
- CVE-2003-1229Dec 31, 2003risk 0.00cvss —epss 0.05
X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01, (2) JSSE before 1.0.3, (3) Java Plug-in SDK and JRE 1.3.0 through 1.4.1, and (4) Java Web Start 1.0 through 1.2 incorrectly calls the isClientTrusted method when determining server…
- CVE-2003-0629Dec 15, 2003risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in PeopleSoft IScript environment for PeopleTools 8.43 and earlier allows remote attackers to insert arbitrary web script via a certain HTTP request to IScript.
- CVE-2003-0950Dec 15, 2003risk 0.00cvss —epss 0.02
PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x allows remote attackers to execute arbitrary commands by uploading a file to the IClient Servlet, guessing the insufficiently random (system time) name of the directory used to store the file, and directly requesting that file.
- CVE-2003-0628Dec 15, 2003risk 0.00cvss —epss 0.01
PeopleSoft Gateway Administration servlet (gateway.administration) in PeopleTools 8.43 and earlier allows remote attackers to obtain the full pathnames for server-side include (SSI) files via an HTTP request with an invalid value.
- CVE-2003-0894Nov 17, 2003risk 0.00cvss —epss 0.01
Buffer overflow in the (1) oracle and (2) oracleO programs in Oracle 9i Database 9.0.x and 9.2.x before 9.2.0.4 allows local users to execute arbitrary code via a long command line argument.
- CVE-2003-0841Nov 17, 2003risk 0.00cvss —epss 0.02
The grid option in PeopleSoft 8.42 stores temporary .xls files in guessable directories under the web document root, which allows remote attackers to steal search results by directly accessing the files via a URL request.
- CVE-2003-0626Nov 13, 2003risk 0.00cvss —epss 0.02
psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote attackers to read arbitrary files via the (1) headername or (2) footername arguments.
- CVE-2003-1193Nov 3, 2003risk 0.00cvss —epss 0.02
Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL.
- CVE-2003-1183Oct 28, 2003risk 0.00cvss —epss 0.01
The WebCache component in Oracle Files 9.0.3.1.0, 9.0.3.2.0, and 9.0.3.3.0 of Oracle Collaboration Suite Release 1 caches files despite the cacheability rules imposed by Oracle Files, which allows local users to gain access.
- CVE-2003-0632Aug 27, 2003risk 0.00cvss —epss 0.05
Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) CGI program (FNDWRR.exe) of Oracle E-Business Suite 11.0 and 11.5.1 through 11.5.8 may allow remote attackers to execute arbitrary code via a long URL.
- CVE-2003-0633Aug 27, 2003risk 0.00cvss —epss 0.03
Multiple vulnerabilities in aoljtest.jsp of Oracle Applications AOL/J Setup Test Suite in Oracle E-Business Suite 11.5.1 through 11.5.8 allow a remote attacker to obtain sensitive information without authentication, such as the GUEST user password and the application server…
- CVE-2003-0104Mar 18, 2003risk 0.00cvss —epss 0.02
Directory traversal vulnerability in PeopleTools 8.10 through 8.18, 8.40, and 8.41 allows remote attackers to overwrite arbitrary files via the SchedulerTransfer servlet.
- CVE-2003-0073Feb 19, 2003risk 0.00cvss —epss 0.03
Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user.
- CVE-2002-1252Feb 7, 2003risk 0.00cvss —epss 0.01
The Application Messaging Gateway for PeopleTools 8.1x before 8.19, as used in various PeopleSoft products, allows remote attackers to read arbitrary files via certain XML External Entities (XXE) fields in an HTTP POST request that is processed by the SimpleFileHandler handler.
- CVE-2002-1921Dec 31, 2002risk 0.00cvss —epss 0.03
The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does set the bind address to the loopback interface, which allows remote attackers to connect to the database.
- CVE-2002-1632Dec 31, 2002risk 0.00cvss —epss 0.05
Oracle 9i Application Server (9iAS) installs multiple sample pages that allow remote attackers to obtain environment variables and other sensitive information via (1) info.jsp, (2) printenv, (3) echo, or (4) echo2.
- CVE-2002-1923Dec 31, 2002risk 0.00cvss —epss 0.03
The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection.
- CVE-2002-2345Dec 31, 2002risk 0.00cvss —epss 0.01
Oracle 9i Application Server 9.0.2 stores the web cache administrator interface password in plaintext, which allows remote attackers to gain access.
- CVE-2002-1858Dec 31, 2002risk 0.00cvss —epss 0.05
Oracle Oracle9i Application Server 1.0.2.2 and 9.0.2 through 9.0.2.0.1, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a…
- CVE-2002-2347Dec 31, 2002risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in Oracle Java Server Page (OJSP) demo files (1) hellouser.jsp, (2) welcomeuser.jsp and (3) usebean.jsp in Oracle 9i Application Server 9.0.2, 1.0.2.2, 1.0.2.1s and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via…
- CVE-2002-1666Dec 31, 2002risk 0.00cvss —epss 0.02
Unknown vulnerability in Oracle E-Business Suite 11i.1 through 11i.6 allows remote attackers to execute unauthorized PL/SQL procedures by modifying the Oracle Applications URL.
- CVE-2002-1636Dec 31, 2002risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in the htp PL/SQL package for Oracle 9i Application Server (9iAS) allows remote attackers to inject arbitrary web script or HTML via the cbuf parameter to htp.print.
- CVE-2002-1635Dec 31, 2002risk 0.00cvss —epss 0.04
The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of…
- CVE-2002-1882Dec 31, 2002risk 0.00cvss —epss 0.05
Unknown vulnerability in AolSecurityPrivate.class in Oracle E-Business Suite 11i 11.1 through 11.6 allows remote attackers to bypass user authentication checks via unknown attack vectors.
- CVE-2002-1373Dec 23, 2002risk 0.00cvss —epss 0.04
Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative integers to be provided to a memcpy call.
- CVE-2002-1118Oct 28, 2002risk 0.00cvss —epss 0.03
TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and Oracle 8i 8.1.x, allows remote attackers to cause a denial of service (hang or crash) via a SERVICE_CURLOAD command.
- CVE-2002-0858Sep 5, 2002risk 0.00cvss —epss 0.02
catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a default dbsnmp password, which allows attackers to perform restricted database operations and possibly gain other privileges.
- CVE-2002-0856Sep 5, 2002risk 0.00cvss —epss 0.03
SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote attackers to cause a denial of service (crash) via certain debug requests that are not properly handled by the debugging feature.
- CVE-2002-0509Aug 12, 2002risk 0.00cvss —epss 0.03
Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a single malformed TCP packet to port 1521.
- CVE-2002-0566Jul 3, 2002risk 0.00cvss —epss 0.04
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to cause a denial of service (crash) via an HTTP Authorization header without an authentication type.
- CVE-2002-0564Jul 3, 2002risk 0.00cvss —epss 0.05
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to bypass authentication for a Database Access Descriptor (DAD) by modifying the URL to reference an alternate DAD that already has valid credentials.
- CVE-2002-0565Jul 3, 2002risk 0.00cvss —epss 0.06
Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with world-readable permissions under the web root, which allows remote attackers to obtain sensitive information derived from the JSP code, including usernames and passwords, via a direct HTTP request to _pages.
- CVE-2002-0560Jul 3, 2002risk 0.00cvss —epss 0.04
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to obtain sensitive information via the OWA_UTIL stored procedures (1) OWA_UTIL.signature, (2) OWA_UTIL.listprint, or (3) OWA_UTIL.show_query_columns.
- CVE-2002-0571Jul 3, 2002risk 0.00cvss —epss 0.03
Oracle Oracle9i database server 9.0.1.x allows local users to access restricted data via a SQL query using ANSI outer join syntax.
- CVE-2002-1640Apr 1, 2002risk 0.00cvss —epss 0.05
Multiple cross-site scripting (XSS) vulnerabilities in Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote attackers to inject arbitrary web script or HTML via (1) Text Features in the DHTML UI or (2) the test parameter to the oracle.apps.cz.servlet.UiServlet…
- CVE-2002-1639Apr 1, 2002risk 0.00cvss —epss 0.05
Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote attackers to obtain sensitive information via a request to the oracle.apps.cz.servlet.UiServlet servlet with the test parameter set to "version" or "host".
- CVE-2002-0103Mar 25, 2002risk 0.00cvss —epss 0.01
An installer program for Oracle9iAS Web Cache 2.0.0.x creates executable and configuration files with insecure permissions, which allows local users to gain privileges by (1) running webcached or (2) obtaining the administrator password from webcache.xml.
- CVE-2002-0102Mar 25, 2002risk 0.00cvss —epss 0.04
Oracle9iAS Web Cache 2.0.0.x allows remote attackers to cause a denial of service via (1) a request to TCP ports 1100, 4000, 4001, and 4002 with a large number of null characters, and (2) a request to TCP port 4000 with a large number of "." characters.
- CVE-2002-1637Feb 26, 2002risk 0.00cvss —epss 0.01
Multiple components in Oracle 9i Application Server (9iAS) are installed with over 160 default usernames and passwords, including (1) SYS, (2) SYSTEM, (3) AQJAVA, (4) OWA, (5) IMAGEUSER, (6) USER1, (7) USER2, (8) PLSQL, (9) DEMO, (10) FINANCE, and many others, which allows…
- CVE-2001-1372Feb 6, 2002risk 0.00cvss —epss 0.06
Oracle 9i Application Server 1.0.2 allows remote attackers to obtain the physical path of a file under the server root via a request for a non-existent .JSP file, which leaks the pathname in an error message.
- CVE-2001-0832Dec 6, 2001risk 0.00cvss —epss 0.00
Vulnerability in Oracle 8.0.x through 9.0.1 on Unix allows local users to overwrite arbitrary files, possibly via a symlink attack or incorrect file permissions in (1) the ORACLE_HOME/rdbms/log directory or (2) an alternate directory as specified in the ORACLE_HOME environmental…
Page 201 of 202