Vulnerabilities (CVE)

Filtered by vendor Oracle Subscribe
Total 9793 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2002-1637 1 Oracle 1 Application Server 2024-11-20 4.6 MEDIUM N/A
Multiple components in Oracle 9i Application Server (9iAS) are installed with over 160 default usernames and passwords, including (1) SYS, (2) SYSTEM, (3) AQJAVA, (4) OWA, (5) IMAGEUSER, (6) USER1, (7) USER2, (8) PLSQL, (9) DEMO, (10) FINANCE, and many others, which allows attackers to gain privileges.
CVE-2002-1636 1 Oracle 1 Application Server 2024-11-20 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the htp PL/SQL package for Oracle 9i Application Server (9iAS) allows remote attackers to inject arbitrary web script or HTML via the cbuf parameter to htp.print.
CVE-2002-1635 1 Oracle 1 Application Server 2024-11-20 5.0 MEDIUM N/A
The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
CVE-2002-1632 1 Oracle 1 Application Server 2024-11-20 6.4 MEDIUM N/A
Oracle 9i Application Server (9iAS) installs multiple sample pages that allow remote attackers to obtain environment variables and other sensitive information via (1) info.jsp, (2) printenv, (3) echo, or (4) echo2.
CVE-2002-1631 1 Oracle 1 Application Server 2024-11-20 7.5 HIGH N/A
SQL injection vulnerability in the query.xsql sample page in Oracle 9i Application Server (9iAS) allows remote attackers to execute arbitrary code via the sql parameter.
CVE-2002-1630 1 Oracle 1 Application Server 2024-11-20 7.5 HIGH N/A
The sendmail.jsp sample page in Oracle 9i Application Server (9iAS) allows remote attackers to send arbitrary emails.
CVE-2002-1376 2 Oracle, Symantec Veritas 3 Mysql, Netbackup Advanced Reporter, Netbackup Global Data Manager 2024-11-20 7.5 HIGH N/A
libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to 4.0.6, does not properly verify length fields for certain responses in the (1) read_rows or (2) read_one_row routines, which allows remote attackers to cause a denial of service and possibly execute arbitrary code.
CVE-2002-1375 2 Oracle, Symantec Veritas 3 Mysql, Netbackup Advanced Reporter, Netbackup Global Data Manager 2024-11-20 7.5 HIGH N/A
The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers to execute arbitrary code via a long response.
CVE-2002-1374 2 Oracle, Symantec Veritas 3 Mysql, Netbackup Advanced Reporter, Netbackup Global Data Manager 2024-11-20 7.5 HIGH N/A
The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password.
CVE-2002-1373 1 Oracle 1 Mysql 2024-11-20 5.0 MEDIUM N/A
Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative integers to be provided to a memcpy call.
CVE-2002-1337 7 Gentoo, Hp, Netbsd and 4 more 9 Linux, Alphaserver Sc, Hp-ux and 6 more 2024-11-20 10.0 HIGH N/A
Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.
CVE-2002-1264 1 Oracle 1 Oracle9i 2024-11-20 7.5 HIGH N/A
Buffer overflow in Oracle iSQL*Plus web application of the Oracle 9 database server allows remote attackers to execute arbitrary code via a long USERID parameter in the isqlplus URL.
CVE-2002-1118 1 Oracle 2 Oracle8i, Oracle9i 2024-11-20 5.0 MEDIUM N/A
TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and Oracle 8i 8.1.x, allows remote attackers to cause a denial of service (hang or crash) via a SERVICE_CURLOAD command.
CVE-2002-1089 1 Oracle 2 Application Server, Reports 2024-11-20 5.0 MEDIUM N/A
rwcgi60 CGI program in Oracle Reports Server, by design, provides sensitive information such as the full pathname, which could enable remote attackers to use the information in additional attacks.
CVE-2002-0969 2 Microsoft, Oracle 2 Windows, Mysql 2024-11-20 4.6 MEDIUM 7.8 HIGH
Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta before 4.02, on the Win32 platform, allows local users to execute arbitrary code via a long "datadir" parameter in the my.ini initialization file, whose permissions on Windows allow Full Control to the Everyone group.
CVE-2002-0965 1 Oracle 1 Oracle9i 2024-11-20 7.5 HIGH N/A
Buffer overflow in TNS Listener for Oracle 9i Database Server on Windows systems, and Oracle 8 on VM, allows local users to execute arbitrary code via a long SERVICE_NAME parameter, which is not properly handled when writing an error message to a log file.
CVE-2002-0947 1 Oracle 2 Application Server, Reports 2024-11-20 7.5 HIGH N/A
Buffer overflow in rwcgi60 CGI program for Oracle Reports Server 6.0.8.18.0 and earlier, as used in Oracle9iAS and other products, allows remote attackers to execute arbitrary code via a long database name parameter.
CVE-2002-0858 1 Oracle 2 Oracle8i, Oracle9i 2024-11-20 7.5 HIGH N/A
catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a default dbsnmp password, which allows attackers to perform restricted database operations and possibly gain other privileges.
CVE-2002-0857 1 Oracle 2 Database Server, Oracle8i 2024-11-20 7.5 HIGH N/A
Format string vulnerabilities in Oracle Listener Control utility (lsnrctl) for Oracle 9.2 and 9.0, 8.1, and 7.3.4, allow remote attackers to execute arbitrary code on the Oracle DBA system by placing format strings into certain entries in the listener.ora configuration file.
CVE-2002-0856 1 Oracle 2 Database Server, Oracle9i 2024-11-20 5.0 MEDIUM N/A
SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote attackers to cause a denial of service (crash) via certain debug requests that are not properly handled by the debugging feature.