3671 matches found
CVE-2002-1578
The default installation of SAP R/3, when using Oracle and SQLnet V2 3.x, 4.x, and 6.10, allows remote attackers to obtain arbitrary, sensitive SAP data by directly connecting to the Oracle database and executing queries against the database, which is not password-protected...
Oracle9i Database contains buffer overflow in NUMTODSINTERVAL() function
Overview: Oracle9i Database contains a buffer overflow in the NUMTODSINTERVAL function which could allow anyone who can query the server to execute arbitrary code or access data with the privileges of the vulnerable process. Description: A buffer overflow exists in the NUMTODSINTERVAL function. Thi...
Oracle Multiple Products SOAP Message Crafted DTD Remote DoS
According to its version, the remote Oracle Database is affected by a denial of service vulnerability. By sending specially crafted SOAP messages with carefully designed XML Data Type Definitions (DTDs), it may be possible for a remote attacker to crash the remote database.
[Full-Disclosure] Oracle Database 9ir2 Interval Conversion Functions Buffer Overflow
Security Advisory. Name: Oracle Database 9ir2 Interval Conversion Functions Buffer Overflow. System Affected: Oracle Database 9ir2, previous versions could be affected too. Severity: High. Remote exploitable: Yes. Author: Cesar Cerrudo. Date: 02/05/04. Advisory Number: CC020401. Legal Notice: This...
Oracle Database 9i Multiple Functions Local Overflow
The remote Oracle Database, according to its version number, is vulnerable to a buffer overflow in the query SET TIMEZONE. An attacker with a database account may use this flaw to gain control of the whole database, or even to obtain a shell on this host.
Oracle command-line program buffer overflow in argument handling
Overview: A buffer overflow in some command-line utilities supplied with the Oracle Database Server could allow a local user to gain the privileges of the oracle system user. Description: The Oracle 9i Database Server package includes the oracle and oracleO command-line client programs to connect ...
Oracle Database Server 9.0.x - Oracle Binary Local Buffer Overflow
// source: https://www.securityfocus.com/bid/8844/info Oracle Database Server 'oracle' binary has been reported prone to a local buffer overflow vulnerability. The issue likely presents itself due to a lack of sufficient boundary checks performed on command line arguments passed to the affected...
CVE-2003-0727
Multiple buffer overflows in the XML Database (XDB) functionality for Oracle 9i Database Release 2 allow local users to cause a denial of service or hijack user sessions...
CVE-2003-0634
Stack-based buffer overflow in the PL/SQL EXTPROC functionality for Oracle9i Database Release 2 and 1, and Oracle 8i, allows authenticated database users, and arbitrary database users in some cases, to execute arbitrary code via a long library name...
Multiple Oracle XDB FTP / HTTP Services Buffer Overflow Vulnerabilities
Description: In a paper titled "Variations in exploit methods between Linux and Windows" presented at Blackhat 2003, David Litchfield has illustrated multiple vulnerabilities in the Oracle 9i XML Database (XDB). Successful exploits may allow remote attackers to run arbitrary code in the security...
Oracle Database Server contains stack overflow in logging mechanism when supplied overly long library name
Overview: There is a buffer overflow in several versions of Oracle Database. The impact of this vulnerability may include the execution of arbitrary code; the ability to read, modify, or delete information stored in underlying Oracle databases; and denial of service. Description: A buffer overflow...
CVE-2003-0222
Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a "CREATE DATABASE LINK" query containing a connect string with a long USING parameter...
Oracle Net Services CREATE DATABASE LINK Query Overflow
The remote Oracle Database, according to its version number, is vulnerable to a buffer overflow in the query CREATE DATABASE LINK. An attacker with a database account may use this flaw to gain control of the whole database, or even to obtain a shell on this host.
CVE-2003-0222
CVE-2003-0222: A stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows an attacker to execute arbitrary code via a CREATE DATABASE LINK query containing a connect string with a long USING parameter. The vulnerability requires a valid databa...
Oracle Database Server Buffer Overflow Vulnerability (#NISR29042003)
NGSSoftware Insight Security Research Advisory. Name: Oracle Database Link Buffer Overflow. Systems Affected: All platforms; Oracle9i Database Release 2 and 1, 8i all releases, 8 all releases, 7.3.x. Severity: High Risk. Vendor URL: http://www.oracle.com. Author: David Litchfield...
CVE-2003-0096
Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3) a long DIRECTORY parameter ...
CVE-2003-0095
Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applications that perform their own authentication, as demonstrated using LOADPSP...