Total
46 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0567 | 1 Oracle | 3 Database Server, Oracle8i, Oracle9i | 2025-04-03 | 7.5 HIGH | N/A |
| Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass authentication and execute arbitrary functions by using the TNS Listener to directly connect to the EXTPROC process. | |||||
| CVE-2002-0857 | 1 Oracle | 2 Database Server, Oracle8i | 2025-04-03 | 7.5 HIGH | N/A |
| Format string vulnerabilities in Oracle Listener Control utility (lsnrctl) for Oracle 9.2 and 9.0, 8.1, and 7.3.4, allow remote attackers to execute arbitrary code on the Oracle DBA system by placing format strings into certain entries in the listener.ora configuration file. | |||||
| CVE-2006-0262 | 1 Oracle | 4 Database Server, Oracle10g, Oracle8i and 1 more | 2025-04-03 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Net Foundation Layer component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.6, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB08. | |||||
| CVE-2002-0564 | 1 Oracle | 4 Application Server, Application Server Web Cache, Oracle8i and 1 more | 2025-04-03 | 7.5 HIGH | N/A |
| PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to bypass authentication for a Database Access Descriptor (DAD) by modifying the URL to reference an alternate DAD that already has valid credentials. | |||||
| CVE-2002-0568 | 1 Oracle | 3 Application Server, Oracle8i, Oracle9i | 2025-04-03 | 2.1 LOW | N/A |
| Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory. | |||||
| CVE-2002-0858 | 1 Oracle | 2 Oracle8i, Oracle9i | 2025-04-03 | 7.5 HIGH | N/A |
| catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a default dbsnmp password, which allows attackers to perform restricted database operations and possibly gain other privileges. | |||||
| CVE-2000-0987 | 1 Oracle | 2 Internet Directory, Oracle8i | 2025-04-03 | 4.6 MEDIUM | N/A |
| Buffer overflow in oidldapd in Oracle 8.1.6 allow local users to gain privileges via a long "connect" command line parameter. | |||||
| CVE-2002-0566 | 1 Oracle | 4 Application Server, Application Server Web Cache, Oracle8i and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to cause a denial of service (crash) via an HTTP Authorization header without an authentication type. | |||||
| CVE-2006-0552 | 1 Oracle | 12 10g Enterprise Manager Grid Control, Application Server, Collaboration Suite and 9 more | 2025-04-03 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Net Listener component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, and 9.2.0.7 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB11. | |||||
| CVE-1999-0711 | 1 Oracle | 1 Oracle8i | 2025-04-03 | 4.6 MEDIUM | N/A |
| The oratclsh interpreter in Oracle 8.x Intelligent Agent for Unix allows local users to execute Tcl commands as root. | |||||
| CVE-2000-0986 | 1 Oracle | 1 Oracle8i | 2025-04-03 | 4.6 MEDIUM | N/A |
| Buffer overflow in Oracle 8.1.5 applications such as names, namesctl, onrsd, osslogin, tnslsnr, tnsping, trcasst, and trcroute possibly allow local users to gain privileges via a long ORACLE_HOME environmental variable. | |||||
| CVE-2003-0096 | 1 Oracle | 3 Database Server, Oracle8i, Oracle9i | 2025-04-03 | 9.0 HIGH | N/A |
| Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3) a long DIRECTORY parameter to the BFILENAME function. | |||||
| CVE-2004-1362 | 1 Oracle | 9 Application Server, Collaboration Suite, E-business Suite and 6 more | 2025-04-03 | 7.5 HIGH | N/A |
| The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform character conversions properly, which allows remote attackers to bypass access restrictions for certain procedures via an encoded URL with "%FF" encoded sequences that are improperly converted to "Y" characters. | |||||
| CVE-2004-1368 | 1 Oracle | 9 Application Server, Collaboration Suite, E-business Suite and 6 more | 2025-04-03 | 7.8 HIGH | N/A |
| ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script. | |||||
| CVE-2006-0271 | 1 Oracle | 4 Database Server, Oracle10g, Oracle8i and 1 more | 2025-04-03 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Upgrade & Downgrade component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB28. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the DBMS_REGISTRY package in certain parameters to the (1) IS_COMPONENT, (2) GET_COMP_OPTION, (3) DISABLE_DDL_TRIGGERS, (4) SCRIPT_EXISTS, (5) COMP_PATH, (6) GATHER_STATS, (7) NOTHING_SCRIPT, and (8) VALIDATE_COMPONENTS functions. | |||||
| CVE-2004-1365 | 1 Oracle | 9 Application Server, Collaboration Suite, E-business Suite and 6 more | 2025-04-03 | 4.6 MEDIUM | N/A |
| Extproc in Oracle 9i and 10g does not require authentication to load a library or execute a function, which allows local users to execute arbitrary commands as the Oracle user. | |||||
| CVE-2001-0515 | 1 Oracle | 2 Database Server, Oracle8i | 2025-04-03 | 5.0 MEDIUM | N/A |
| Oracle Listener in Oracle 7.3 and 8i allows remote attackers to cause a denial of service via a malformed connection packet with a large offset_to_data value. | |||||
| CVE-2003-0634 | 1 Oracle | 2 Oracle8i, Oracle9i | 2025-04-03 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the PL/SQL EXTPROC functionality for Oracle9i Database Release 2 and 1, and Oracle 8i, allows authenticated database users, and arbitrary database users in some cases, to execute arbitrary code via a long library name. | |||||
| CVE-2002-0843 | 2 Apache, Oracle | 4 Http Server, Application Server, Database Server and 1 more | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response. | |||||
| CVE-2002-0561 | 1 Oracle | 4 Application Server, Application Server Web Cache, Oracle8i and 1 more | 2025-04-03 | 7.5 HIGH | N/A |
| The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and modify DAD settings. | |||||