2885 matches found
CVE-2004-1366
CVE-2004-1366 affects Oracle 10g Database Server, where the password for the SYSMAN account is stored in cleartext in the world-readable emoms.properties file. This local-access weakness could allow unprivileged or local users to gain DBA privileges. No explicit remediation version or patch is pr...
CVE-2004-2345
Unknown multiple vulnerabilities in Oracle9i Database Server 9.0.1.4, 9.0.1.5, 9.2.0.3, and 9.2.0.4 allow local users with the ability to invoke SQL to cause a denial of service or obtain sensitive information...
Oracle Character Conversion Bugs (#NISR2122004G)
NGSSoftware Insight Security Research Advisory Name: Oracle 10g character conversion bug Systems Affected: Oracle 10g/AS on all operating systems Severity: High risk Vendor URL: http://www.oracle.com/ Author: David Litchfield davidl at ngssoftware.com Relates to:...
[Full-Disclosure] iDEFENSE Security Advisory 09.02.04a: Oracle Database Server dbms_system.ksdwrt Buffer Overflow Vulnerability
Oracle Database Server dbms_system.ksdwrt Buffer Overflow Vulnerability iDEFENSE Security Advisory 09.02.04a www.idefense.com/application/poi/display?id=135&type=vulnerabilities September 2, 2004 I. BACKGROUND Oracle Database Server is a family of database products that range from personal databas...
Oracle Database Server 8.1.7/9.0.x - ctxsys.driload Access Validation
source: https://www.securityfocus.com/bid/11099/info Oracle Database Server is prone to an access validation vulnerability that may permit unprivileged users to execute commands as the DBA. This could compromise the database. SQL exec ctxsys.driload.validatestmt 'create user hacker identified by...
US-CERT Technical Cyber Security Alert TA04-245A -- Multiple Vulnerabilities in Oracle Products
Technical Cyber Security Alert TA04-245A Multiple Vulnerabilities in Oracle Products Original release date: September 1, 2004 Last revised: -- Source: US-CERT Systems Affected The following Oracle applications are affected: Oracle Database 10g Release...
[Full-Disclosure] [SHATTER Team Security Alert] Multiple vulnerabilities in Oracle Database Server
AppSecInc Advisory: Multiple vulnerabilities in Oracle Database Server Date: August 31, 2004 Detailed Information Provided Online At: http://www.appsecinc.com/resources/alerts/oracle/2004-0001/ Credit: These vulnerabilities were researched and discovered by Cesar Cerrudo and Esteban Martinez Fayo...
CVE-2003-0095
Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applications that perform their own authentication, as demonstrated using LOADPSP...
CVE-2003-0095
The CVE-2003-0095 entry concerns a buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6. The vulnerability permits remote code execution via a long username supplied during login, exploitable through client applications that perform their own authentication, demonstra...
Sybase SQL-Anywhere Database Server Default Credentials
Binary data 5150.prm...
Sybase ASE (Adaptive Server Enterprise) Database Server Default Credentials
Binary data 5157.prm...
Sybase SQL-Anywhere Database Server Detection
Binary data 5148.prm...
Sybase ASE (Adaptive Server Enterprise) Database Server Detection
Binary data 5155.prm...
Firebird 1.0 - Remote Database Name Buffer Overrun
source: https://www.securityfocus.com/bid/10446/info Firebird is reported prone to a remote buffer-overrun vulnerability. The issue occurs because the application fails to perform sufficient boundary checks when the database server is handling...
Firebird 1.0 - Remote Database Name Buffer Overrun
source: https://www.securityfocus.com/bid/10446/info Firebird is reported prone to a remote buffer-overrun vulnerability. The issue occurs because the application fails to perform sufficient boundary checks when the database server is handling database names. A remote attacker may exploit this...
CVE-2003-0939
eo420GetStringFromVarPart in veo420.c for SAP database server SAP DB 7.4.03.27 and earlier may allow remote attackers to execute arbitrary code via a connect packet with a 256 byte segment to the niserver aka serv.exe process on TCP port 7269, which prevents the server from NULL terminating the...
CVE-2003-0938
vos24u.c in SAP database server SAP DB 7.4.03.27 and earlier allows local users to gain SYSTEM privileges via a malicious "NETAPI32.DLL" in the current working directory, which is found and loaded by SAP DB before the real DLL, as demonstrated using the SQLAT stored procedure...
Oracle command-line program buffer overflow in argument handling
Overview: A buffer overflow in some command-line utilities supplied with the Oracle Database Server could allow a local user to gain the privileges of the oracle system user. Description: The Oracle 9i Database Server package includes the oracle and oracleO command-line client programs to connect ...