15 matches found
CVE-2002-0562
CVE-2002-0562 affects Oracle 9i Application Server 1.0.2.x when running Oracle JSP or SQLJSP. The default configuration stores globals.jsa under the web root, enabling a remote attacker to obtain sensitive data (e.g., usernames and passwords) by directly requesting globals.jsa via HTTP. The vulne...
CVE-2002-0563
CVE-2002-0563 describes a vulnerability in Oracle 9i Application Server 1.0.2.x where the default configuration allows remote anonymous access to sensitive services without authentication. Affected components include Dynamic Monitoring Services (dms0, dms/DMSDump, servlet/DMSDump, servlet/Spy, so...
CVE-2001-0836
CVE-2001-0836 describes a buffer overflow in Oracle9iAS Web Cache 2.0.0.1 that can be triggered by a long HTTP GET request, allowing a remote attacker to potentially execute arbitrary code on the affected system. Connected sources (OpenVAS NASL entries and Nessus plugin data) corroborate a relate...
CVE-2002-0560
Oracle 9i Application Server 1.0.2.x with PL/SQL module 3.0.9.8.2 exposes OWA_UTIL procedures (signature, listprint, show_query_columns) to remote attackers, enabling information disclosure. Affected component is the PL/SQL gateway (modplsql) in Oracle 9iAS; exploitation involves unauthenticated ...
CVE-2002-0561
CVE-2002-0561 affects Oracle 9i Application Server's PL/SQL Gateway web administration interface. The default configuration uses null authentication, allowing remote attackers to bypass access controls and modify DAD/settings via the PL/SQL gateway administration pages. Details in connected advis...
CVE-2004-0385
CVE-2004-0385 describes a heap-based buffer overflow in Oracle Application Server Web Cache, affecting 9iAS Web Cache versions 9.0.4.0.0, 9.0.3.1.0, 9.0.2.3.0, and 9.0.0.4.0. The vulnerability allows remote attackers to execute arbitrary code by sending a long HTTP Request Method header to the We...
CVE-2002-0559
The CVE-2002-0559 entry concerns a buffer overflow in Oracle9i Application Server’s Apache PL/SQL module exposed via the PL/SQL gateway (mod_plsql). The vulnerability arises from processing long inputs (e.g., long HTTP requests, long DAD passwords, long Authorization headers, or long cache direct...
CVE-2002-0564
CVE-2002-0564 affects Oracle 9i Application Server 1.0.2.x via PL/SQL module 3.0.9.8.2. An attacker can bypass authentication for a Database Access Descriptor (DAD) by altering the URL to reference a different DAD that already has valid credentials, enabling unauthorized access. The description n...
CVE-2002-0566
CVE-2002-0566 affects Oracle 9i Application Server (iAS) with the PL/SQL module 3.0.9.8.2. The vulnerability allows an unauthenticated remote attacker to crash the Apache-based PL/SQL service by sending a malformed HTTP Authorization header (no auth type). Impact is denial of service (partial ava...
CVE-2002-0565
The CVE-2002-0565 incident concerns Oracle 9iAS 1.0.2.x, where JSP files compiled under the web root in the _pages directory are world-readable. This enables remote attackers to read JSP source and derive sensitive information (e.g., usernames and passwords) via a direct HTTP request to _pages. T...
CVE-2005-1382
CVE-2005-1382 affects Oracle WebCache 9i: the webcacheadmin dump file handling allows an administrator to place cache_dump_file contents at arbitrary locations due to insufficient restrictions on the destination path. The CPAI advisory explains that this enables data/caching file contents to be w...
CVE-2002-1641
Oracle Web Cache in Oracle 9i Application Server (9iAS) has multiple buffer overflows that allow remote attackers to execute arbitrary code via unknown vectors. The connected records confirm the affected product and the root cause (buffer overflows) with remote code execution as impact, but do no...
CVE-2005-1381
CVE-2005-1381: Oracle WebCache 9i contains multiple cross-site scripting vulnerabilities exploitable via the cache_dump_file and PartialPageErrorPage parameters. The NVD entry reports a MEDIUM base score (6.8) with network access, no authentication, and partial impacts to confidentiality, integri...
CVE-2002-0103
CVE-2002-0103 affects Oracle9iAS Web Cache 2.0.0.x. An installer creates executable and configuration files with insecure permissions, enabling local privilege escalation. Impacted scenarios include (1) executing webcached to gain privileges and (2) reading webcache.xml to obtain the administrato...
CVE-2002-0102
CVE-2002-0102 affects Oracle9iAS Web Cache 2.0.0.x. The vulnerability allows a remote attacker to cause a denial of service by sending crafted requests: to TCP ports 1100, 4000, 4001, or 4002 with a large number of null characters to TCP port 4000 with a large number of '.' charactersImpact per t...