Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Oracle Subscribe
Filtered by product Oracle9i
Total 53 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2002-0568 1 Oracle 3 Application Server, Oracle8i, Oracle9i 2016-10-17 2.1 LOW N/A
Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory.
CVE-2002-0561 1 Oracle 4 Application Server, Application Server Web Cache, Oracle8i and 1 more 2016-10-17 7.5 HIGH N/A
The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and modify DAD settings.
CVE-2002-0564 1 Oracle 4 Application Server, Application Server Web Cache, Oracle8i and 1 more 2016-10-17 7.5 HIGH N/A
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to bypass authentication for a Database Access Descriptor (DAD) by modifying the URL to reference an alternate DAD that already has valid credentials.
CVE-2002-0560 1 Oracle 4 Application Server, Application Server Web Cache, Oracle8i and 1 more 2016-10-17 5.0 MEDIUM N/A
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to obtain sensitive information via the OWA_UTIL stored procedures (1) OWA_UTIL.signature, (2) OWA_UTIL.listprint, or (3) OWA_UTIL.show_query_columns.
CVE-2002-0562 1 Oracle 3 Application Server, Application Server Web Cache, Oracle9i 2016-10-17 5.0 MEDIUM N/A
The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa.
CVE-2002-1118 1 Oracle 2 Oracle8i, Oracle9i 2008-09-10 5.0 MEDIUM N/A
TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and Oracle 8i 8.1.x, allows remote attackers to cause a denial of service (hang or crash) via a SERVICE_CURLOAD command.
CVE-2002-0856 1 Oracle 2 Database Server, Oracle9i 2008-09-10 5.0 MEDIUM N/A
SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote attackers to cause a denial of service (crash) via certain debug requests that are not properly handled by the debugging feature.
CVE-2001-0516 1 Oracle 2 Oracle8i, Oracle9i 2008-09-10 5.0 MEDIUM N/A
Oracle listener between Oracle 9i and Oracle 8.0 allows remote attackers to cause a denial of service via a malformed connection packet that contains an incorrect requester_version value that does not match an expected offset to the data.
CVE-2004-0637 1 Oracle 2 Oracle8i, Oracle9i 2008-09-09 6.5 MEDIUM N/A
Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to execute commands with additional privileges via the ctxsys.driload package, which is publicly accessible.
CVE-2005-3641 1 Oracle 5 Database Server, Database Server Lite, Oracle10g and 2 more 2008-09-05 7.5 HIGH N/A
Oracle Databases running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication by supplying a valid username.
CVE-2002-0965 1 Oracle 1 Oracle9i 2008-09-05 7.5 HIGH N/A
Buffer overflow in TNS Listener for Oracle 9i Database Server on Windows systems, and Oracle 8 on VM, allows local users to execute arbitrary code via a long SERVICE_NAME parameter, which is not properly handled when writing an error message to a log file.
CVE-2002-0571 1 Oracle 1 Oracle9i 2008-09-05 7.5 HIGH N/A
Oracle Oracle9i database server 9.0.1.x allows local users to access restricted data via a SQL query using ANSI outer join syntax.
CVE-2002-0509 1 Oracle 1 Oracle9i 2008-09-05 5.0 MEDIUM N/A
Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a single malformed TCP packet to port 1521.