9879 matches found
CVE-2002-0559
The CVE-2002-0559 entry concerns a buffer overflow in Oracle9i Application Server’s Apache PL/SQL module exposed via the PL/SQL gateway (mod_plsql). The vulnerability arises from processing long inputs (e.g., long HTTP requests, long DAD passwords, long Authorization headers, or long cache direct...
CVE-2002-0568
CVE-2002-0568 concerns Oracle 9i Application Server where XSQLConfig.xml and soapConfig.xml configuration files are stored insecurely and may be retrieved via a virtual directory. This allows local users to obtain sensitive information, including usernames and passwords, as described in the OpenV...
CVE-2002-0561
CVE-2002-0561 affects Oracle 9i Application Server's PL/SQL Gateway web administration interface. The default configuration uses null authentication, allowing remote attackers to bypass access controls and modify DAD/settings via the PL/SQL gateway administration pages. Details in connected advis...
CVE-2002-0563
CVE-2002-0563 describes a vulnerability in Oracle 9i Application Server 1.0.2.x where the default configuration allows remote anonymous access to sensitive services without authentication. Affected components include Dynamic Monitoring Services (dms0, dms/DMSDump, servlet/DMSDump, servlet/Spy, so...
Oracle Application Server contains format string vulnerability
Overview The CERT/CC is aware of a report about a "remotely exploitable format string vulnerability in Oracle Application Server" that could allow an unauthenticated, remote attacker to execute arbitrary code on a vulnerable system. Description Oracle Application Server uses the Apache HTTP Serve...
CVE-2002-1641
Multiple buffer overflows in Oracle Web Cache for Oracle 9i Application Server 9iAS allow remote attackers to execute arbitrary code via unknown vectors...
CVE-2001-1217
Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. dot dot sequences...
CVE-2001-1189
IBM Websphere Application Server 3.5.3 and earlier stores a password in cleartext in the sas.server.props file, which allows local users to obtain the passwords via a JSP script...
CVE-2001-1189
IBM WebSphere Application Server 3.5.3 and earlier stores a password in cleartext in the sas.server.props file, enabling local users to retrieve passwords via a JSP script. Affected software: IBM WebSphere Application Server prior to 3.5.3. Root cause: credentials stored in cleartext. Impact: loc...
CVE-2001-1216
Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page...
Oracle9i Application Server PL/SQL Gateway web administration interface uses null authentication by default
Overview A vulnerability exists in the Apache Procedural Language/Structured Query Language PL/SQL module used by Oracle 9i Application Server iAS. In its default configuration, the PL/SQL module grants unauthenticated access to the PL/SQL gateway web-based administration interface. Description...
Oracle9i Application Server Apache PL/SQL module vulnerable to buffer overflow via HTTP Location header
Overview A buffer overflow vulnerability exists in the Apache Procedural Language/Structured Query Language PL/SQL module used by Oracle9i Application Server iAS. This vulnerability could allow an unauthenticated remote attacker to cause a denial of service or execute arbitrary code on the system...
Oracle 9iAS SOAP components allow anonymous users to deploy applications by default
Overview Oracle Application Server 9iAS installs with Simple Object Access Protocol SOAP enabled by default and allows unauthenticated remote users to deploy and undeploy SOAP services and providers. Description Oracle Application Server 9iAS supports Simple Object Access Protocol SOAP, an...
Oracle 9iAS allows anonymous remote users to view sensitive Apache services by default
Overview Oracle Application Server 9iAS allows remote users to access several Apache services without authentication. Description Oracle Application Server 9iAS includes the Apache Web server and several Apache services. In the default install configuration, many of these services, including...
Oracle9i Application Server OWA_UTIL procedures expose sensitive information
Overview Oracle9i Application Server iAS provides a Procedural Language/Structured Query Language PL/SQL application package called OWAUTIL that provides web access to a number of stored procedures. These procedures could be used by an attacker to view the source code of PL/SQL applications, obta...
Oracle 9iAS default configuration allows arbitrary users to view sensitive configuration files
Overview It is possible to read the "XSQLConfig.xml" and "soapConfig.xml" configuration files from an Oracle 9i Application Server under the default installation without any authorization. This can lead to an intruder gaining access to sensitive information about the server and potentially...
Oracle9i Application Server allows unauthenticated access to PL/SQL applications via alternate Database Access Descriptor
Overview A vulnerability exists in the Apache Procedural Language/Structured Query Language PL/SQL module used by Oracle9i Application Server iAS. By specifying the Database Access Descriptor DAD used to access a PL/SQL application, an attacker could gain unauthorized access to the application...
Oracle9i Application Server Apache PL/SQL module vulnerable to buffer overflow via HTTP Authorization header
Overview A buffer overflow vulnerability exists in the Apache Procedural Language/Structured Query Language PL/SQL module used by Oracle9i Application Server iAS. An HTTP Authorization header with a crafted password parameter could allow an unauthenticated remote attacker to cause a denial of...
Oracle9i Application Server Apache PL/SQL module vulnerable to buffer overflow via cache directory name
Overview A buffer overflow vulnerability exists in the Apache Procedural Language/Structured Query Language PL/SQL module used by Oracle9i Application Server iAS. This vulnerability could allow an unauthenticated remote attacker to cause a denial-of-service or execute arbitrary code on the system...
Oracle9i Application Server Apache PL/SQL module vulnerable to buffer overflow via HTTP request
Overview A buffer overflow vulnerability exists in the Apache Procedural Language/Structured Query Language PL/SQL module used by Oracle9i Application Server iAS. A maliciously crafted HTTP request made to the PL/SQL module could cause a denial of service or execute arbitrary code with the...