Total
53 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-0568 | 1 Oracle | 3 Application Server, Oracle8i, Oracle9i | 2016-10-17 | 2.1 LOW | N/A |
Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory. | |||||
CVE-2002-0561 | 1 Oracle | 4 Application Server, Application Server Web Cache, Oracle8i and 1 more | 2016-10-17 | 7.5 HIGH | N/A |
The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and modify DAD settings. | |||||
CVE-2002-0564 | 1 Oracle | 4 Application Server, Application Server Web Cache, Oracle8i and 1 more | 2016-10-17 | 7.5 HIGH | N/A |
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to bypass authentication for a Database Access Descriptor (DAD) by modifying the URL to reference an alternate DAD that already has valid credentials. | |||||
CVE-2002-0560 | 1 Oracle | 4 Application Server, Application Server Web Cache, Oracle8i and 1 more | 2016-10-17 | 5.0 MEDIUM | N/A |
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to obtain sensitive information via the OWA_UTIL stored procedures (1) OWA_UTIL.signature, (2) OWA_UTIL.listprint, or (3) OWA_UTIL.show_query_columns. | |||||
CVE-2002-0562 | 1 Oracle | 3 Application Server, Application Server Web Cache, Oracle9i | 2016-10-17 | 5.0 MEDIUM | N/A |
The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa. | |||||
CVE-2002-1118 | 1 Oracle | 2 Oracle8i, Oracle9i | 2008-09-10 | 5.0 MEDIUM | N/A |
TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and Oracle 8i 8.1.x, allows remote attackers to cause a denial of service (hang or crash) via a SERVICE_CURLOAD command. | |||||
CVE-2002-0856 | 1 Oracle | 2 Database Server, Oracle9i | 2008-09-10 | 5.0 MEDIUM | N/A |
SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote attackers to cause a denial of service (crash) via certain debug requests that are not properly handled by the debugging feature. | |||||
CVE-2001-0516 | 1 Oracle | 2 Oracle8i, Oracle9i | 2008-09-10 | 5.0 MEDIUM | N/A |
Oracle listener between Oracle 9i and Oracle 8.0 allows remote attackers to cause a denial of service via a malformed connection packet that contains an incorrect requester_version value that does not match an expected offset to the data. | |||||
CVE-2004-0637 | 1 Oracle | 2 Oracle8i, Oracle9i | 2008-09-09 | 6.5 MEDIUM | N/A |
Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to execute commands with additional privileges via the ctxsys.driload package, which is publicly accessible. | |||||
CVE-2005-3641 | 1 Oracle | 5 Database Server, Database Server Lite, Oracle10g and 2 more | 2008-09-05 | 7.5 HIGH | N/A |
Oracle Databases running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication by supplying a valid username. | |||||
CVE-2002-0965 | 1 Oracle | 1 Oracle9i | 2008-09-05 | 7.5 HIGH | N/A |
Buffer overflow in TNS Listener for Oracle 9i Database Server on Windows systems, and Oracle 8 on VM, allows local users to execute arbitrary code via a long SERVICE_NAME parameter, which is not properly handled when writing an error message to a log file. | |||||
CVE-2002-0571 | 1 Oracle | 1 Oracle9i | 2008-09-05 | 7.5 HIGH | N/A |
Oracle Oracle9i database server 9.0.1.x allows local users to access restricted data via a SQL query using ANSI outer join syntax. | |||||
CVE-2002-0509 | 1 Oracle | 1 Oracle9i | 2008-09-05 | 5.0 MEDIUM | N/A |
Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a single malformed TCP packet to port 1521. |