Lucene search
K

9879 matches found

CVE
CVE
added 2002/06/11 4:0 a.m.71 views

CVE-2002-0559

The CVE-2002-0559 entry concerns a buffer overflow in Oracle9i Application Server’s Apache PL/SQL module exposed via the PL/SQL gateway (mod_plsql). The vulnerability arises from processing long inputs (e.g., long HTTP requests, long DAD passwords, long Authorization headers, or long cache direct...

7.5CVSS9.4AI score0.13139EPSS
Exploits0References14Affected Software4
CVE
CVE
added 2002/06/11 4:0 a.m.89 views

CVE-2002-0568

CVE-2002-0568 concerns Oracle 9i Application Server where XSQLConfig.xml and soapConfig.xml configuration files are stored insecurely and may be retrieved via a virtual directory. This allows local users to obtain sensitive information, including usernames and passwords, as described in the OpenV...

2.1CVSS8.4AI score0.75176EPSS
Exploits0References5Affected Software3
CVE
CVE
added 2002/06/11 4:0 a.m.137 views

CVE-2002-0561

CVE-2002-0561 affects Oracle 9i Application Server's PL/SQL Gateway web administration interface. The default configuration uses null authentication, allowing remote attackers to bypass access controls and modify DAD/settings via the PL/SQL gateway administration pages. Details in connected advis...

7.5CVSS9.1AI score0.09666EPSS
Exploits0References6Affected Software4
CVE
CVE
added 2002/06/11 4:0 a.m.145 views

CVE-2002-0563

CVE-2002-0563 describes a vulnerability in Oracle 9i Application Server 1.0.2.x where the default configuration allows remote anonymous access to sensitive services without authentication. Affected components include Dynamic Monitoring Services (dms0, dms/DMSDump, servlet/DMSDump, servlet/Spy, so...

5CVSS9AI score0.51129EPSS
Exploits0References11Affected Software4
CERT
CERT
added 2002/06/04 12:0 a.m.25 views

Oracle Application Server contains format string vulnerability

Overview The CERT/CC is aware of a report about a "remotely exploitable format string vulnerability in Oracle Application Server" that could allow an unauthenticated, remote attacker to execute arbitrary code on a vulnerable system. Description Oracle Application Server uses the Apache HTTP Serve...

8AI score
Exploits0References3
NVD
NVD
added 2002/05/27 4:0 a.m.14 views

CVE-2002-1641

Multiple buffer overflows in Oracle Web Cache for Oracle 9i Application Server 9iAS allow remote attackers to execute arbitrary code via unknown vectors...

10CVSS7.4AI score0.09053EPSS
Exploits0References3
Cvelist
Cvelist
added 2002/03/15 5:0 a.m.28 views

CVE-2001-1217

Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. dot dot sequences...

8.7AI score0.54383EPSS
Exploits0References5
Cvelist
Cvelist
added 2002/03/15 5:0 a.m.25 views

CVE-2001-1189

IBM Websphere Application Server 3.5.3 and earlier stores a password in cleartext in the sas.server.props file, which allows local users to obtain the passwords via a JSP script...

6.1AI score0.00326EPSS
Exploits0References3
CVE
CVE
added 2002/03/15 5:0 a.m.46 views

CVE-2001-1189

IBM WebSphere Application Server 3.5.3 and earlier stores a password in cleartext in the sas.server.props file, enabling local users to retrieve passwords via a JSP script. Affected software: IBM WebSphere Application Server prior to 3.5.3. Root cause: credentials stored in cleartext. Impact: loc...

4.6CVSS6.5AI score0.00326EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2002/03/15 5:0 a.m.32 views

CVE-2001-1216

Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page...

9.4AI score0.08547EPSS
Exploits0References5
CERT
CERT
added 2002/03/13 12:0 a.m.41 views

Oracle9i Application Server PL/SQL Gateway web administration interface uses null authentication by default

Overview A vulnerability exists in the Apache Procedural Language/Structured Query Language PL/SQL module used by Oracle 9i Application Server iAS. In its default configuration, the PL/SQL module grants unauthenticated access to the PL/SQL gateway web-based administration interface. Description...

7.5CVSS9.8AI score0.09666EPSS
Exploits0References5
CERT
CERT
added 2002/03/12 12:0 a.m.24 views

Oracle9i Application Server Apache PL/SQL module vulnerable to buffer overflow via HTTP Location header

Overview A buffer overflow vulnerability exists in the Apache Procedural Language/Structured Query Language PL/SQL module used by Oracle9i Application Server iAS. This vulnerability could allow an unauthenticated remote attacker to cause a denial of service or execute arbitrary code on the system...

8.7AI score
Exploits0References2
CERT
CERT
added 2002/03/12 12:0 a.m.100 views

Oracle 9iAS SOAP components allow anonymous users to deploy applications by default

Overview Oracle Application Server 9iAS installs with Simple Object Access Protocol SOAP enabled by default and allows unauthenticated remote users to deploy and undeploy SOAP services and providers. Description Oracle Application Server 9iAS supports Simple Object Access Protocol SOAP, an...

7.5CVSS9AI score0.12299EPSS
Exploits1References3
CERT
CERT
added 2002/03/12 12:0 a.m.36 views

Oracle 9iAS allows anonymous remote users to view sensitive Apache services by default

Overview Oracle Application Server 9iAS allows remote users to access several Apache services without authentication. Description Oracle Application Server 9iAS includes the Apache Web server and several Apache services. In the default install configuration, many of these services, including...

5CVSS9.1AI score0.51129EPSS
Exploits0References3
CERT
CERT
added 2002/03/11 12:0 a.m.77 views

Oracle9i Application Server OWA_UTIL procedures expose sensitive information

Overview Oracle9i Application Server iAS provides a Procedural Language/Structured Query Language PL/SQL application package called OWAUTIL that provides web access to a number of stored procedures. These procedures could be used by an attacker to view the source code of PL/SQL applications, obta...

5CVSS9.3AI score0.03651EPSS
Exploits0References4
CERT
CERT
added 2002/03/06 12:0 a.m.27 views

Oracle 9iAS default configuration allows arbitrary users to view sensitive configuration files

Overview It is possible to read the "XSQLConfig.xml" and "soapConfig.xml" configuration files from an Oracle 9i Application Server under the default installation without any authorization. This can lead to an intruder gaining access to sensitive information about the server and potentially...

2.1CVSS8.9AI score0.75176EPSS
Exploits0References1
CERT
CERT
added 2002/03/01 12:0 a.m.21 views

Oracle9i Application Server allows unauthenticated access to PL/SQL applications via alternate Database Access Descriptor

Overview A vulnerability exists in the Apache Procedural Language/Structured Query Language PL/SQL module used by Oracle9i Application Server iAS. By specifying the Database Access Descriptor DAD used to access a PL/SQL application, an attacker could gain unauthorized access to the application...

7AI score
Exploits0References2
CERT
CERT
added 2002/02/28 12:0 a.m.35 views

Oracle9i Application Server Apache PL/SQL module vulnerable to buffer overflow via HTTP Authorization header

Overview A buffer overflow vulnerability exists in the Apache Procedural Language/Structured Query Language PL/SQL module used by Oracle9i Application Server iAS. An HTTP Authorization header with a crafted password parameter could allow an unauthenticated remote attacker to cause a denial of...

7.5CVSS10AI score0.13139EPSS
Exploits0References8
CERT
CERT
added 2002/02/28 12:0 a.m.57 views

Oracle9i Application Server Apache PL/SQL module vulnerable to buffer overflow via cache directory name

Overview A buffer overflow vulnerability exists in the Apache Procedural Language/Structured Query Language PL/SQL module used by Oracle9i Application Server iAS. This vulnerability could allow an unauthenticated remote attacker to cause a denial-of-service or execute arbitrary code on the system...

7.5CVSS9.8AI score0.13139EPSS
Exploits0References6
CERT
CERT
added 2002/02/28 12:0 a.m.26 views

Oracle9i Application Server Apache PL/SQL module vulnerable to buffer overflow via HTTP request

Overview A buffer overflow vulnerability exists in the Apache Procedural Language/Structured Query Language PL/SQL module used by Oracle9i Application Server iAS. A maliciously crafted HTTP request made to the PL/SQL module could cause a denial of service or execute arbitrary code with the...

7.5CVSS9.8AI score0.13139EPSS
Exploits0References6
Rows per page
Query Builder