Vulnerabilities (CVE)

Filtered by vendor Oracle Subscribe
Total 9793 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2003-0632 1 Oracle 2 Applications, E-business Suite 2024-11-20 7.5 HIGH N/A
Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) CGI program (FNDWRR.exe) of Oracle E-Business Suite 11.0 and 11.5.1 through 11.5.8 may allow remote attackers to execute arbitrary code via a long URL.
CVE-2003-0222 1 Oracle 3 Database Server, Oracle8i, Oracle9i 2024-11-20 9.0 HIGH N/A
Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a "CREATE DATABASE LINK" query containing a connect string with a long USING parameter.
CVE-2003-0150 1 Oracle 1 Mysql 2024-11-20 9.0 HIGH N/A
MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf.
CVE-2003-0096 1 Oracle 3 Database Server, Oracle8i, Oracle9i 2024-11-20 9.0 HIGH N/A
Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3) a long DIRECTORY parameter to the BFILENAME function.
CVE-2003-0095 1 Oracle 3 Database Server, Oracle8i, Oracle9i 2024-11-20 10.0 HIGH N/A
Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applications that perform their own authentication, as demonstrated using LOADPSP.
CVE-2003-0073 1 Oracle 1 Mysql 2024-11-20 5.0 MEDIUM N/A
Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user.
CVE-2002-2347 1 Oracle 1 Application Server 2024-11-20 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Oracle Java Server Page (OJSP) demo files (1) hellouser.jsp, (2) welcomeuser.jsp and (3) usebean.jsp in Oracle 9i Application Server 9.0.2, 1.0.2.2, 1.0.2.1s and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the text entry field.
CVE-2002-2345 1 Oracle 1 Application Server 2024-11-20 7.5 HIGH N/A
Oracle 9i Application Server 9.0.2 stores the web cache administrator interface password in plaintext, which allows remote attackers to gain access.
CVE-2002-2153 1 Oracle 1 Application Server 2024-11-20 7.5 HIGH N/A
Format string vulnerability in the administrative pages of the PL/SQL module for Oracle Application Server 4.0.8 and 4.0.8 2 allows remote attackers to execute arbitrary code.
CVE-2002-1923 1 Oracle 1 Mysql 2024-11-20 7.5 HIGH N/A
The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection.
CVE-2002-1921 1 Oracle 1 Mysql 2024-11-20 7.5 HIGH N/A
The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does set the bind address to the loopback interface, which allows remote attackers to connect to the database.
CVE-2002-1882 1 Oracle 1 E-business Suite 2024-11-20 7.5 HIGH N/A
Unknown vulnerability in AolSecurityPrivate.class in Oracle E-Business Suite 11i 11.1 through 11.6 allows remote attackers to bypass user authentication checks via unknown attack vectors.
CVE-2002-1858 1 Oracle 1 Application Server 2024-11-20 5.0 MEDIUM N/A
Oracle Oracle9i Application Server 1.0.2.2 and 9.0.2 through 9.0.2.0.1, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
CVE-2002-1844 2 Microsoft, Oracle 2 Windows Media Player, Solaris 2024-11-20 7.2 HIGH 7.8 HIGH
Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, installs executables with world-writable permissions, which allows local users to delete or modify the executables to gain privileges.
CVE-2002-1809 1 Oracle 1 Mysql 2024-11-20 7.5 HIGH N/A
The default configuration of the Windows binary release of MySQL 3.23.2 through 3.23.52 has a NULL root password, which could allow remote attackers to gain unauthorized root access to the MySQL database.
CVE-2002-1767 1 Oracle 1 Database Server 2024-11-20 7.2 HIGH N/A
Buffer overflow in tnslsnr of Oracle 8i Database Server 8.1.5 for Linux allows local users to execute arbitrary code as the oracle user via a long command line argument.
CVE-2002-1666 1 Oracle 1 E-business Suite 2024-11-20 5.0 MEDIUM N/A
Unknown vulnerability in Oracle E-Business Suite 11i.1 through 11i.6 allows remote attackers to execute unauthorized PL/SQL procedures by modifying the Oracle Applications URL.
CVE-2002-1641 1 Oracle 1 Application Server Web Cache 2024-11-20 10.0 HIGH N/A
Multiple buffer overflows in Oracle Web Cache for Oracle 9i Application Server (9iAS) allow remote attackers to execute arbitrary code via unknown vectors.
CVE-2002-1640 1 Oracle 1 Configurator 2024-11-20 6.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote attackers to inject arbitrary web script or HTML via (1) Text Features in the DHTML UI or (2) the test parameter to the oracle.apps.cz.servlet.UiServlet servlet.
CVE-2002-1639 1 Oracle 1 Configurator 2024-11-20 7.5 HIGH N/A
Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote attackers to obtain sensitive information via a request to the oracle.apps.cz.servlet.UiServlet servlet with the test parameter set to "version" or "host".