Filtered by vendor Oracle
Subscribe
Total
9592 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-0559 | 1 Oracle | 4 Application Server, Application Server Web Cache, Oracle8i and 1 more | 2023-12-10 | 7.5 HIGH | N/A |
Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote attackers to cause a denial of service or execute arbitrary code via (1) a long help page request without a dadname, which overflows the resulting HTTP Location header, (2) a long HTTP request to the plsql module, (3) a long password in the HTTP Authorization, (4) a long Access Descriptor (DAD) password in the addadd form, or (5) a long cache directory name. | |||||
CVE-2004-1369 | 1 Oracle | 9 Application Server, Collaboration Suite, E-business Suite and 6 more | 2023-12-10 | 5.0 MEDIUM | N/A |
The TNS Listener in Oracle 10g allows remote attackers to cause a denial of service (listener crash) via a malformed service_register_NSGR request containing a value that is used as an invalid offset for a pointer that references incorrect memory. | |||||
CVE-2004-0381 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2023-12-10 | 2.1 LOW | N/A |
mysqlbug in MySQL allows local users to overwrite arbitrary files via a symlink attack on the failed-mysql-bugreport temporary file. | |||||
CVE-2000-0986 | 1 Oracle | 1 Oracle8i | 2023-12-10 | 4.6 MEDIUM | N/A |
Buffer overflow in Oracle 8.1.5 applications such as names, namesctl, onrsd, osslogin, tnslsnr, tnsping, trcasst, and trcroute possibly allow local users to gain privileges via a long ORACLE_HOME environmental variable. | |||||
CVE-2001-0499 | 1 Oracle | 1 Oracle8i | 2023-12-10 | 10.0 HIGH | N/A |
Buffer overflow in Transparent Network Substrate (TNS) Listener in Oracle 8i 8.1.7 and earlier allows remote attackers to gain privileges via a long argument to the commands (1) STATUS, (2) PING, (3) SERVICES, (4) TRC_FILE, (5) SAVE_CONFIG, or (6) RELOAD. | |||||
CVE-2002-1923 | 1 Oracle | 1 Mysql | 2023-12-10 | 7.5 HIGH | N/A |
The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection. | |||||
CVE-2003-1193 | 1 Oracle | 2 Application Server Portal, Oracle9i | 2023-12-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL. | |||||
CVE-2001-0518 | 1 Oracle | 1 Oracle9i | 2023-12-10 | 5.0 MEDIUM | N/A |
Oracle listener before Oracle 9i allows attackers to cause a denial of service by repeatedly sending the first portion of a fragmented Oracle command without sending the remainder of the command, which causes the listener to hang. | |||||
CVE-2001-0943 | 1 Oracle | 1 Database Server | 2023-12-10 | 7.2 HIGH | N/A |
dbsnmp in Oracle 8.0.5 and 8.1.5, under certain conditions, trusts the PATH environment variable to find and execute the (1) chown or (2) chgrp commands, which allows local users to execute arbitrary code by modifying the PATH to point to Trojan Horse programs. | |||||
CVE-2002-1858 | 1 Oracle | 1 Application Server | 2023-12-10 | 5.0 MEDIUM | N/A |
Oracle Oracle9i Application Server 1.0.2.2 and 9.0.2 through 9.0.2.0.1, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF."). | |||||
CVE-2000-0206 | 1 Oracle | 1 Oracle8i | 2023-12-10 | 6.2 MEDIUM | N/A |
The installation of Oracle 8.1.5.x on Linux follows symlinks and creates the orainstRoot.sh file with world-writeable permissions, which allows local users to gain privileges. | |||||
CVE-2001-0517 | 1 Oracle | 1 Oracle8i | 2023-12-10 | 5.0 MEDIUM | N/A |
Oracle listener in Oracle 8i on Solaris allows remote attackers to cause a denial of service via a malformed connection packet with a maximum transport data size that is set to 0. | |||||
CVE-1999-0784 | 1 Oracle | 1 Database Server | 2023-12-10 | 5.0 MEDIUM | N/A |
Denial of service in Oracle TNSLSNR SQL*Net Listener via a malformed string to the listener port, aka NERP. | |||||
CVE-1999-0711 | 1 Oracle | 1 Oracle8i | 2023-12-10 | 4.6 MEDIUM | N/A |
The oratclsh interpreter in Oracle 8.x Intelligent Agent for Unix allows local users to execute Tcl commands as root. | |||||
CVE-2002-0842 | 1 Oracle | 1 Application Server | 2023-12-10 | 7.5 HIGH | N/A |
Format string vulnerability in certain third party modifications to mod_dav for logging bad gateway messages (e.g. Oracle9i Application Server 9.0.2) allows remote attackers to execute arbitrary code via a destination URI that forces a "502 Bad Gateway" response, which causes the format string specifiers to be returned from dav_lookup_uri() in mod_dav.c, which is then used in a call to ap_log_rerror(). | |||||
CVE-2004-1877 | 1 Oracle | 2 Application Server, Http Server | 2023-12-10 | 2.6 LOW | N/A |
The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and password. | |||||
CVE-2000-0169 | 1 Oracle | 1 Application Server | 2023-12-10 | 7.5 HIGH | N/A |
Batch files in the Oracle web listener ows-bin directory allow remote attackers to execute commands via a malformed URL that includes '?&'. | |||||
CVE-2004-0835 | 3 Debian, Mysql, Oracle | 3 Debian Linux, Mysql, Mysql | 2023-12-10 | 7.5 HIGH | N/A |
MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities. | |||||
CVE-2004-0837 | 3 Debian, Mysql, Oracle | 3 Debian Linux, Mysql, Mysql | 2023-12-10 | 2.6 LOW | N/A |
MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs. | |||||
CVE-1999-1256 | 1 Oracle | 1 Database Assistant | 2023-12-10 | 4.6 MEDIUM | N/A |
Oracle Database Assistant 1.0 in Oracle 8.0.3 Enterprise Edition stores the database master password in plaintext in the spoolmain.log file when a new database is created, which allows local users to obtain the password from that file. |