Filtered by vendor Oracle
Subscribe
Total
9593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0655 | 3 Apple, Openssl, Oracle | 5 Mac Os X, Openssl, Application Server and 2 more | 2008-09-10 | 7.5 HIGH | N/A |
| OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code. | |||||
| CVE-2002-0386 | 1 Oracle | 1 Application Server | 2008-09-10 | 5.0 MEDIUM | N/A |
| The administration module for Oracle Web Cache in Oracle9iAS (9i Application Suite) 9.0.2 allows remote attackers to cause a denial of service (crash) via (1) an HTTP GET request containing a ".." (dot dot) sequence, or (2) a malformed HTTP GET request with a chunked Transfer-Encoding with missing data. | |||||
| CVE-2001-0516 | 1 Oracle | 2 Oracle8i, Oracle9i | 2008-09-10 | 5.0 MEDIUM | N/A |
| Oracle listener between Oracle 9i and Oracle 8.0 allows remote attackers to cause a denial of service via a malformed connection packet that contains an incorrect requester_version value that does not match an expected offset to the data. | |||||
| CVE-2001-0515 | 1 Oracle | 2 Database Server, Oracle8i | 2008-09-10 | 5.0 MEDIUM | N/A |
| Oracle Listener in Oracle 7.3 and 8i allows remote attackers to cause a denial of service via a malformed connection packet with a large offset_to_data value. | |||||
| CVE-2001-0498 | 1 Oracle | 1 Oracle8i | 2008-09-10 | 5.0 MEDIUM | N/A |
| Transparent Network Substrate (TNS) over Net8 (SQLNet) in Oracle 8i 8.1.7 and earlier allows remote attackers to cause a denial of service via a malformed SQLNet connection request with a large offset in the header extension. | |||||
| CVE-2000-1236 | 1 Oracle | 1 Application Server | 2008-09-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mod_sql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the query string of the URL. | |||||
| CVE-2000-0576 | 1 Oracle | 1 Web Listener | 2008-09-10 | 5.0 MEDIUM | N/A |
| Oracle Web Listener for AIX versions 4.0.7.0.0 and 4.0.8.1.0 allows remote attackers to cause a denial of service via a malformed URL. | |||||
| CVE-2000-0206 | 1 Oracle | 1 Oracle8i | 2008-09-10 | 6.2 MEDIUM | N/A |
| The installation of Oracle 8.1.5.x on Linux follows symlinks and creates the orainstRoot.sh file with world-writeable permissions, which allows local users to gain privileges. | |||||
| CVE-2000-0169 | 1 Oracle | 1 Application Server | 2008-09-10 | 7.5 HIGH | N/A |
| Batch files in the Oracle web listener ows-bin directory allow remote attackers to execute commands via a malformed URL that includes '?&'. | |||||
| CVE-2004-0637 | 1 Oracle | 2 Oracle8i, Oracle9i | 2008-09-10 | 6.5 MEDIUM | N/A |
| Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to execute commands with additional privileges via the ctxsys.driload package, which is publicly accessible. | |||||
| CVE-1999-0888 | 1 Oracle | 2 Database Server, Oracle8i | 2008-09-09 | 4.6 MEDIUM | N/A |
| dbsnmp in Oracle Intelligent Agent allows local users to gain privileges by setting the ORACLE_HOME environmental variable, which dbsnmp uses to find the nmiconf.tcl script. | |||||
| CVE-2007-5561 | 1 Oracle | 2 Enterprise Grid Console Server, Opmn Daemon | 2008-09-05 | 10.0 HIGH | N/A |
| Format string vulnerability in the logging function in the Oracle OPMN daemon, as used on Oracle Enterprise Grid Console server 10.2.0.1, allows remote attackers to execute arbitrary code via format string specifiers in the URI in an HTTP request to port 6003, aka Oracle reference number 6296175. NOTE: this might be the same issue as CVE-2007-0282 or CVE-2007-0280, but there are insufficient details to be sure. | |||||
| CVE-2007-5554 | 1 Oracle | 1 Database Server | 2008-09-05 | 7.1 HIGH | N/A |
| Oracle allows remote attackers to obtain server memory contents via crafted packets, aka Oracle reference number 7892711. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2006-1036 | 1 Oracle | 1 Diagnostics | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Oracle Diagnostics module 2.2 and earlier have unknown impact and attack vectors, related to "permissions." | |||||
| CVE-2006-1035 | 1 Oracle | 2 Diagnostics, E-business Suite | 2008-09-05 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Oracle Diagnostics module 2.2 and earlier allows remote attackers to access diagnostics tests via unknown attack vectors. | |||||
| CVE-2005-3641 | 1 Oracle | 5 Database Server, Database Server Lite, Oracle10g and 2 more | 2008-09-05 | 7.5 HIGH | N/A |
| Oracle Databases running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication by supplying a valid username. | |||||
| CVE-2002-2347 | 1 Oracle | 1 Application Server | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Oracle Java Server Page (OJSP) demo files (1) hellouser.jsp, (2) welcomeuser.jsp and (3) usebean.jsp in Oracle 9i Application Server 9.0.2, 1.0.2.2, 1.0.2.1s and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the text entry field. | |||||
| CVE-2002-2345 | 1 Oracle | 1 Application Server | 2008-09-05 | 7.5 HIGH | N/A |
| Oracle 9i Application Server 9.0.2 stores the web cache administrator interface password in plaintext, which allows remote attackers to gain access. | |||||
| CVE-2002-1882 | 1 Oracle | 1 E-business Suite | 2008-09-05 | 7.5 HIGH | N/A |
| Unknown vulnerability in AolSecurityPrivate.class in Oracle E-Business Suite 11i 11.1 through 11.6 allows remote attackers to bypass user authentication checks via unknown attack vectors. | |||||
| CVE-2002-1858 | 1 Oracle | 1 Application Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Oracle Oracle9i Application Server 1.0.2.2 and 9.0.2 through 9.0.2.0.1, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF."). | |||||