Vulnerabilities (CVE)

Filtered by vendor Oracle Subscribe
Filtered by product Oracle9i
Total 52 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2004-1339 1 Oracle 2 Database Server, Oracle9i 2024-11-20 6.5 MEDIUM N/A
SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1 and (2) MDSYS.SDO_LRS_TRIG_INS default triggers in Oracle 9i and 10g allows remote attackers to execute arbitrary SQL commands via the new.table_name or new.column_name parameters.
CVE-2004-1338 1 Oracle 2 Database Server, Oracle9i 2024-11-20 6.5 MEDIUM N/A
The triggers in Oracle 9i and 10g allow local users to gain privileges by using a sequence of partially privileged actions: using CCBKAPPLROWTRIG or EXEC_CBK_FN_DML to add arbitrary functions to the SDO_CMT_DBK_FN_TABLE and SDO_CMT_CBK_DML_TABLE, then performing a DELETE on the SDO_TXN_IDX_INSERTS table, which causes the SDO_CMT_CBK_TRIG trigger to execute the user-supplied functions.
CVE-2004-0638 1 Oracle 2 Oracle8i, Oracle9i 2024-11-20 8.5 HIGH N/A
Buffer overflow in the KSDWRTB function in the dbms_system package (dbms_system.ksdwrt) for Oracle 9i Database Server Release 2 9.2.0.3 and 9.2.0.4, 9i Release 1 9.0.1.4 and 9.0.1.5, and 8i Release 1 8.1.7.4, allows remote authorized users to execute arbitrary code via a long second argument.
CVE-2004-0637 1 Oracle 2 Oracle8i, Oracle9i 2024-11-20 6.5 MEDIUM N/A
Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to execute commands with additional privileges via the ctxsys.driload package, which is publicly accessible.
CVE-2003-1208 1 Oracle 1 Oracle9i 2024-11-20 10.0 HIGH N/A
Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow local users to execute arbitrary code by (1) setting the TIME_ZONE session parameter to a long value, or providing long parameters to the (2) NUMTOYMINTERVAL, (3) NUMTODSINTERVAL or (4) FROM_TZ functions.
CVE-2003-1193 1 Oracle 2 Application Server Portal, Oracle9i 2024-11-20 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL.
CVE-2003-0894 1 Oracle 1 Oracle9i 2024-11-20 4.6 MEDIUM N/A
Buffer overflow in the (1) oracle and (2) oracleO programs in Oracle 9i Database 9.0.x and 9.2.x before 9.2.0.4 allows local users to execute arbitrary code via a long command line argument.
CVE-2003-0634 1 Oracle 2 Oracle8i, Oracle9i 2024-11-20 7.5 HIGH N/A
Stack-based buffer overflow in the PL/SQL EXTPROC functionality for Oracle9i Database Release 2 and 1, and Oracle 8i, allows authenticated database users, and arbitrary database users in some cases, to execute arbitrary code via a long library name.
CVE-2003-0222 1 Oracle 3 Database Server, Oracle8i, Oracle9i 2024-11-20 9.0 HIGH N/A
Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a "CREATE DATABASE LINK" query containing a connect string with a long USING parameter.
CVE-2003-0096 1 Oracle 3 Database Server, Oracle8i, Oracle9i 2024-11-20 9.0 HIGH N/A
Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3) a long DIRECTORY parameter to the BFILENAME function.
CVE-2003-0095 1 Oracle 3 Database Server, Oracle8i, Oracle9i 2024-11-20 10.0 HIGH N/A
Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applications that perform their own authentication, as demonstrated using LOADPSP.
CVE-2002-1264 1 Oracle 1 Oracle9i 2024-11-20 7.5 HIGH N/A
Buffer overflow in Oracle iSQL*Plus web application of the Oracle 9 database server allows remote attackers to execute arbitrary code via a long USERID parameter in the isqlplus URL.
CVE-2002-1118 1 Oracle 2 Oracle8i, Oracle9i 2024-11-20 5.0 MEDIUM N/A
TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and Oracle 8i 8.1.x, allows remote attackers to cause a denial of service (hang or crash) via a SERVICE_CURLOAD command.
CVE-2002-0965 1 Oracle 1 Oracle9i 2024-11-20 7.5 HIGH N/A
Buffer overflow in TNS Listener for Oracle 9i Database Server on Windows systems, and Oracle 8 on VM, allows local users to execute arbitrary code via a long SERVICE_NAME parameter, which is not properly handled when writing an error message to a log file.
CVE-2002-0858 1 Oracle 2 Oracle8i, Oracle9i 2024-11-20 7.5 HIGH N/A
catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a default dbsnmp password, which allows attackers to perform restricted database operations and possibly gain other privileges.
CVE-2002-0856 1 Oracle 2 Database Server, Oracle9i 2024-11-20 5.0 MEDIUM N/A
SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote attackers to cause a denial of service (crash) via certain debug requests that are not properly handled by the debugging feature.
CVE-2002-0840 2 Apache, Oracle 5 Http Server, Application Server, Database Server and 2 more 2024-11-20 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
CVE-2002-0571 1 Oracle 1 Oracle9i 2024-11-20 7.5 HIGH N/A
Oracle Oracle9i database server 9.0.1.x allows local users to access restricted data via a SQL query using ANSI outer join syntax.
CVE-2002-0568 1 Oracle 3 Application Server, Oracle8i, Oracle9i 2024-11-20 2.1 LOW N/A
Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory.
CVE-2002-0567 1 Oracle 3 Database Server, Oracle8i, Oracle9i 2024-11-20 7.5 HIGH N/A
Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass authentication and execute arbitrary functions by using the TNS Listener to directly connect to the EXTPROC process.