Total
199 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0659 | 3 Apple, Openssl, Oracle | 5 Mac Os X, Openssl, Application Server and 2 more | 2024-02-28 | 5.0 MEDIUM | N/A |
| The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings. | |||||
| CVE-2000-1235 | 1 Oracle | 1 Application Server | 2024-02-28 | 5.0 MEDIUM | N/A |
| The default configurations of (1) the port listener and (2) modplsql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allow remote attackers to view privileged database information via HTTP requests for Database Access Descriptor (DAD) files. | |||||
| CVE-2004-2134 | 1 Oracle | 1 Application Server | 2024-02-28 | 4.6 MEDIUM | N/A |
| Oracle toplink mapping workBench uses a weak encryption algorithm for passwords, which allows local users to decrypt the passwords. | |||||
| CVE-2004-1365 | 1 Oracle | 9 Application Server, Collaboration Suite, E-business Suite and 6 more | 2024-02-28 | 4.6 MEDIUM | N/A |
| Extproc in Oracle 9i and 10g does not require authentication to load a library or execute a function, which allows local users to execute arbitrary commands as the Oracle user. | |||||
| CVE-2000-1236 | 1 Oracle | 1 Application Server | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mod_sql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the query string of the URL. | |||||
| CVE-2002-0559 | 1 Oracle | 4 Application Server, Application Server Web Cache, Oracle8i and 1 more | 2024-02-28 | 7.5 HIGH | N/A |
| Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote attackers to cause a denial of service or execute arbitrary code via (1) a long help page request without a dadname, which overflows the resulting HTTP Location header, (2) a long HTTP request to the plsql module, (3) a long password in the HTTP Authorization, (4) a long Access Descriptor (DAD) password in the addadd form, or (5) a long cache directory name. | |||||
| CVE-2002-0561 | 1 Oracle | 4 Application Server, Application Server Web Cache, Oracle8i and 1 more | 2024-02-28 | 7.5 HIGH | N/A |
| The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and modify DAD settings. | |||||
| CVE-2002-0560 | 1 Oracle | 4 Application Server, Application Server Web Cache, Oracle8i and 1 more | 2024-02-28 | 5.0 MEDIUM | N/A |
| PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to obtain sensitive information via the OWA_UTIL stored procedures (1) OWA_UTIL.signature, (2) OWA_UTIL.listprint, or (3) OWA_UTIL.show_query_columns. | |||||
| CVE-2001-1372 | 1 Oracle | 1 Application Server | 2024-02-28 | 5.0 MEDIUM | N/A |
| Oracle 9i Application Server 1.0.2 allows remote attackers to obtain the physical path of a file under the server root via a request for a non-existent .JSP file, which leaks the pathname in an error message. | |||||
| CVE-2004-2244 | 1 Oracle | 2 Application Server, Oracle9i | 2024-02-28 | 5.0 MEDIUM | N/A |
| The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and 9.0.3.1, 9.0.2.3 and earlier, and Release 1 1.0.2.2 and 1.0.2.2.2, and Database Server Release 2 9.2.0.1 and later, allows remote attackers to cause a denial of service (CPU and memory consumption) via a SOAP message containing a crafted DTD. | |||||
| CVE-2002-1630 | 1 Oracle | 1 Application Server | 2024-02-28 | 7.5 HIGH | N/A |
| The sendmail.jsp sample page in Oracle 9i Application Server (9iAS) allows remote attackers to send arbitrary emails. | |||||
| CVE-2004-1371 | 1 Oracle | 10 Application Server, Collaboration Suite, Database Server and 7 more | 2024-02-28 | 9.0 HIGH | N/A |
| Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure. | |||||
| CVE-2002-2153 | 1 Oracle | 1 Application Server | 2024-02-28 | 7.5 HIGH | N/A |
| Format string vulnerability in the administrative pages of the PL/SQL module for Oracle Application Server 4.0.8 and 4.0.8 2 allows remote attackers to execute arbitrary code. | |||||
| CVE-2001-0591 | 1 Oracle | 2 Application Server, Jsp | 2024-02-28 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in Oracle JSP 1.0.x through 1.1.1 and Oracle 8.1.7 iAS Release 1.0.2 can allow a remote attacker to read or execute arbitrary .jsp files via a '..' (dot dot) attack. | |||||
| CVE-2002-0842 | 1 Oracle | 1 Application Server | 2024-02-28 | 7.5 HIGH | N/A |
| Format string vulnerability in certain third party modifications to mod_dav for logging bad gateway messages (e.g. Oracle9i Application Server 9.0.2) allows remote attackers to execute arbitrary code via a destination URI that forces a "502 Bad Gateway" response, which causes the format string specifiers to be returned from dav_lookup_uri() in mod_dav.c, which is then used in a call to ap_log_rerror(). | |||||
| CVE-2002-0562 | 1 Oracle | 3 Application Server, Application Server Web Cache, Oracle9i | 2024-02-28 | 5.0 MEDIUM | N/A |
| The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa. | |||||
| CVE-2002-1636 | 1 Oracle | 1 Application Server | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the htp PL/SQL package for Oracle 9i Application Server (9iAS) allows remote attackers to inject arbitrary web script or HTML via the cbuf parameter to htp.print. | |||||
| CVE-2002-1089 | 1 Oracle | 2 Application Server, Reports | 2024-02-28 | 5.0 MEDIUM | N/A |
| rwcgi60 CGI program in Oracle Reports Server, by design, provides sensitive information such as the full pathname, which could enable remote attackers to use the information in additional attacks. | |||||
| CVE-2002-0566 | 1 Oracle | 4 Application Server, Application Server Web Cache, Oracle8i and 1 more | 2024-02-28 | 5.0 MEDIUM | N/A |
| PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to cause a denial of service (crash) via an HTTP Authorization header without an authentication type. | |||||