Filtered by vendor Oracle
Subscriptions
Total
10331 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-0386 | 1 Oracle | 1 Application Server | 2025-04-03 | N/A |
| The administration module for Oracle Web Cache in Oracle9iAS (9i Application Suite) 9.0.2 allows remote attackers to cause a denial of service (crash) via (1) an HTTP GET request containing a ".." (dot dot) sequence, or (2) a malformed HTTP GET request with a chunked Transfer-Encoding with missing data. | ||||
| CVE-2001-0515 | 1 Oracle | 2 Database Server, Oracle8i | 2025-04-03 | N/A |
| Oracle Listener in Oracle 7.3 and 8i allows remote attackers to cause a denial of service via a malformed connection packet with a large offset_to_data value. | ||||
| CVE-2001-0832 | 1 Oracle | 1 Database Server | 2025-04-03 | N/A |
| Vulnerability in Oracle 8.0.x through 9.0.1 on Unix allows local users to overwrite arbitrary files, possibly via a symlink attack or incorrect file permissions in (1) the ORACLE_HOME/rdbms/log directory or (2) an alternate directory as specified in the ORACLE_HOME environmental variable, aka the "Oracle File Overwrite Security Vulnerability." | ||||
| CVE-2000-0986 | 1 Oracle | 1 Oracle8i | 2025-04-03 | N/A |
| Buffer overflow in Oracle 8.1.5 applications such as names, namesctl, onrsd, osslogin, tnslsnr, tnsping, trcasst, and trcroute possibly allow local users to gain privileges via a long ORACLE_HOME environmental variable. | ||||
| CVE-2001-0833 | 1 Oracle | 1 Database Server | 2025-04-03 | N/A |
| Buffer overflow in otrcrep in Oracle 8.0.x through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment variable, aka the "Oracle Trace Collection Security Vulnerability." | ||||
| CVE-2005-2558 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-03 | N/A |
| Stack-based buffer overflow in the init_syms function in MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta allows remote authenticated users who can create user-defined functions to execute arbitrary code via a long function_name field. | ||||
| CVE-2002-1882 | 1 Oracle | 1 E-business Suite | 2025-04-03 | N/A |
| Unknown vulnerability in AolSecurityPrivate.class in Oracle E-Business Suite 11i 11.1 through 11.6 allows remote attackers to bypass user authentication checks via unknown attack vectors. | ||||
| CVE-2005-2573 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-03 | N/A |
| The mysql_create_function function in sql_udf.cc for MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta, when running on Windows, uses an incomplete blacklist in a directory traversal check, which allows attackers to include arbitrary files via the backslash (\) character. | ||||
| CVE-2001-0836 | 1 Oracle | 1 Application Server Web Cache | 2025-04-03 | N/A |
| Buffer overflow in Oracle9iAS Web Cache 2.0.0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request. | ||||
| CVE-2004-2244 | 1 Oracle | 2 Application Server, Oracle9i | 2025-04-03 | N/A |
| The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and 9.0.3.1, 9.0.2.3 and earlier, and Release 1 1.0.2.2 and 1.0.2.2.2, and Database Server Release 2 9.2.0.1 and later, allows remote attackers to cause a denial of service (CPU and memory consumption) via a SOAP message containing a crafted DTD. | ||||
| CVE-2003-0411 | 2 Microsoft, Oracle | 3 Windows 2000, Windows Xp, Sun One Application Server | 2025-04-03 | 7.5 High |
| Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension. | ||||
| CVE-2002-0965 | 1 Oracle | 1 Oracle9i | 2025-04-03 | N/A |
| Buffer overflow in TNS Listener for Oracle 9i Database Server on Windows systems, and Oracle 8 on VM, allows local users to execute arbitrary code via a long SERVICE_NAME parameter, which is not properly handled when writing an error message to a log file. | ||||
| CVE-2002-0509 | 1 Oracle | 1 Oracle9i | 2025-04-03 | N/A |
| Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a single malformed TCP packet to port 1521. | ||||
| CVE-2001-0126 | 1 Oracle | 1 Oracle8i | 2025-04-03 | N/A |
| Oracle XSQL servlet 1.0.3.0 and earlier allows remote attackers to execute arbitrary Java code by redirecting the XSQL server to another source via the xml-stylesheet parameter in the xslt stylesheet. | ||||
| CVE-2003-0222 | 1 Oracle | 3 Database Server, Oracle8i, Oracle9i | 2025-04-03 | N/A |
| Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a "CREATE DATABASE LINK" query containing a connect string with a long USING parameter. | ||||
| CVE-2003-0150 | 2 Oracle, Redhat | 3 Mysql, Enterprise Linux, Linux | 2025-04-03 | N/A |
| MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf. | ||||
| CVE-2005-0004 | 3 Debian, Mariadb, Oracle | 3 Debian Linux, Mariadb, Mysql | 2025-04-03 | N/A |
| The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files. | ||||
| CVE-2002-0559 | 1 Oracle | 4 Application Server, Application Server Web Cache, Oracle8i and 1 more | 2025-04-03 | N/A |
| Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote attackers to cause a denial of service or execute arbitrary code via (1) a long help page request without a dadname, which overflows the resulting HTTP Location header, (2) a long HTTP request to the plsql module, (3) a long password in the HTTP Authorization, (4) a long Access Descriptor (DAD) password in the addadd form, or (5) a long cache directory name. | ||||
| CVE-2002-0560 | 1 Oracle | 4 Application Server, Application Server Web Cache, Oracle8i and 1 more | 2025-04-03 | N/A |
| PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to obtain sensitive information via the OWA_UTIL stored procedures (1) OWA_UTIL.signature, (2) OWA_UTIL.listprint, or (3) OWA_UTIL.show_query_columns. | ||||
| CVE-2001-0300 | 1 Oracle | 1 Internet Directory | 2025-04-03 | N/A |
| oidldapd 2.1.1.1 in Oracle 8.1.7 records log files in a directory (ldaplog) that has world-writable permissions, which may allow local users to delete logs and/or overwrite other files via a symlink attack. | ||||