Lucene search
K

19 matches found

CVE
CVE
added 2002/07/31 4:0 a.m.232 views

CVE-2002-0656

OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, are affected by buffer overflow vulnerabilities that allow remote code execution via two vectors: (1) oversized client master key in SSL2 and (2) oversized session ID in SSL3. The CVE entry CVE-2002-0656 is the primary issue. Affected produ...

7.5CVSS9.6AI score0.8982EPSS
CVE
CVE
added 2002/07/31 4:0 a.m.109 views

CVE-2002-0655

OpenSSL CVE-2002-0655 affects 0.9.6d and earlier and 0.9.7-beta2 and earlier; on 64-bit platforms it mishandles ASCII representations of integers, enabling denial of service and potentially arbitrary code execution. Public sources in the connected docs corroborate multiple related CVEs (0655, 065...

7.5CVSS9.5AI score0.08169EPSS
CVE
CVE
added 2005/01/19 5:0 a.m.105 views

CVE-2004-1371

CVE-2004-1371 describes a stack-based buffer overflow in Oracle 9i/10g that allows remote attackers to execute arbitrary code by sending a long token in the text of a wrapped procedure. The vulnerability affects Oracle’s database/server components and can enable remote code execution with the att...

9CVSS9.6AI score0.10767EPSS
CVE
CVE
added 2002/07/31 4:0 a.m.104 views

CVE-2002-0659

CVE-2002-0659 affects the OpenSSL ASN.1 parser in: OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier. The vulnerability allows remote denial of service via invalid ASN.1 encodings. The OpenSSL family also contains related issues (e.g., CVE-2002-0655 and CVE-2002-0656) that have been exploit...

5CVSS8.2AI score0.36039EPSS
CVE
CVE
added 2005/01/19 5:0 a.m.98 views

CVE-2004-1363

CVE-2004-1363 : The provided data confirms a buffer overflow in the extproc component of Oracle 10g. An attacker can trigger remote code execution by manipulating environment variables in the library name, which are expanded after the length check. The vulnerability is described as enabling remot...

9.8CVSS9.7AI score0.09095EPSS
CVE
CVE
added 2005/01/19 5:0 a.m.80 views

CVE-2004-1364

CVE-2004-1364 is an Oracle extproc directory traversal vulnerability affecting Oracle 9i and 10g. The flaw allows remote attackers to access arbitrary libraries outside the $ORACLE_HOME/bin directory by leveraging the extproc mechanism, potentially executing OS commands with the privileges of the...

8.5CVSS9.1AI score0.13782EPSS
CVE
CVE
added 2005/01/19 5:0 a.m.79 views

CVE-2004-1369

CVE-2004-1369 concerns the TNS Listener in Oracle 10g. The vulnerability allows remote attackers to cause a denial of service (listener crash) by sending a malformed service_register_NSGR request, where a value is used as an invalid offset for a pointer that references incorrect memory. The prima...

5CVSS8.9AI score0.0564EPSS
CVE
CVE
added 2005/01/19 5:0 a.m.77 views

CVE-2004-1366

CVE-2004-1366 affects Oracle 10g Database Server, where the password for the SYSMAN account is stored in cleartext in the world-readable emoms.properties file. This local-access weakness could allow unprivileged or local users to gain DBA privileges. No explicit remediation version or patch is pr...

4.6CVSS9.1AI score0.15495EPSS
CVE
CVE
added 2005/01/19 5:0 a.m.77 views

CVE-2004-1367

CVE-2004-1367 affects Oracle 10g Database Server. When installed with a password containing an exclamation point for the DBSNMP or SYSMAN user, an error is logged to the world‑readable postDBCreation.log, potentially exposing the password to local users who could use it against SYS or SYSTEM acco...

4.4CVSS9AI score0.07275EPSS
CVE
CVE
added 2005/01/19 5:0 a.m.75 views

CVE-2004-1365

CVE-2004-1365 affects Oracle 9i/10g extproc. The vulnerability allows local users to load a library or execute a function without authentication, enabling arbitrary commands to run as the Oracle user. This is documented in the NVD entry and reflected in related Nessus/NVD references.

4.6CVSS9.2AI score0.07362EPSS
CVE
CVE
added 2005/01/19 5:0 a.m.74 views

CVE-2004-1370

CVE-2004-1370 is a set of confirmed SQL injection vulnerabilities in Oracle 9i/10g that affect PL/SQL procedures running with definer rights. The flaws allow remote attackers to execute arbitrary SQL commands and potentially gain privileges via the following procedures: DBMS_EXPORT_EXTENSION, WK_...

7.5CVSS10AI score0.03856EPSS
CVE
CVE
added 2005/01/19 5:0 a.m.70 views

CVE-2004-1368

The CVE-2004-1368 entry affects Oracle ISQL*Plus in Oracle 10g Application Server. The vulnerability allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script, enabling potential arbitrary-file execution on the affected server. The ac...

7.8CVSS9.4AI score0.05556EPSS
CVE
CVE
added 2005/01/19 5:0 a.m.69 views

CVE-2004-1362

CVE-2004-1362 affects the PL/SQL module of the Oracle HTTP Server in Oracle Application Server 10g when using the WE8ISO8859P1 character set. The issue is a character conversion flaw that allows remote attackers to bypass access restrictions for certain procedures via an encoded URL containing “%...

7.5CVSS9.2AI score0.0905EPSS
CVE
CVE
added 2006/01/26 11:0 a.m.67 views

CVE-2006-0435

The CVE-2006-0435 entry concerns Oracle PL/SQL Gateway/PLSQLExclusion bypass vulnerability (PLSQL01). Public sources (CERT VU and NVD) describe that the Oracle PL/SQL Gateway fails to validate HTTP requests, potentially allowing a remote attacker to bypass access controls and execute SQL commands...

7.5CVSS8.9AI score0.05715EPSS
CVE
CVE
added 2005/02/26 5:0 a.m.66 views

CVE-2004-1707

Oracle 8i/9i and IAS 9.0.2.0.1 on Unix are affected by CVE-2004-1707 due to the dbsnmp and nmo programs. They search a default library path and execute libraries with elevated privileges, enabling certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0. No additional ...

7.2CVSS9.2AI score0.02572EPSS
CVE
CVE
added 2005/03/28 5:0 a.m.57 views

CVE-2002-1637

Oracle 9i Application Server (9iAS) is affected by CVE-2002-1637 due to default credentials configured across multiple components. Over 160 usernames/passwords are present (e.g., SYS, SYSTEM, AQJAVA, OWA, IMAGEUSER, USER1, USER2, PLSQL, DEMO, FINANCE), which can allow privilege escalation for att...

4.6CVSS9.2AI score0.00574EPSS
CVE
CVE
added 2005/03/28 5:0 a.m.54 views

CVE-2002-1635

The CVE-2002-1635 entry concerns Oracle 9i Application Server (9iAS) where the Apache httpd.conf uses a Location alias for /perl instead of a ScriptAlias. This misconfiguration enables a remote attacker to read the source code of arbitrary CGI files via a URL that targets /perl rather than /cgi-b...

5CVSS8.9AI score0.04407EPSS
CVE
CVE
added 2009/10/22 6:0 p.m.49 views

CVE-2009-1999

Oracle Application Server: CVE-2009-1999 affects the Business Intelligence Enterprise Edition component. The Oracle Application Server risk matrix lists a network-exploitable vulnerability with CVSS v2 base score 4.3 (Partial integrity impact). The vulnerability is described as an unspecified iss...

4.3CVSS9AI score0.02354EPSS
CVE
CVE
added 2008/07/15 11:0 p.m.48 views

CVE-2008-2583

CVE-2008-2583 affects Oracle Portal’s sample Discussion Forum Portlet (Oracle Application Server 10g). The vulnerability resides in the Discussion Forum Portlet distributed via OTN prior to 20080715, enabling remote exploitation over a network with unknown impact per the initial description, but ...

4.3CVSS8.9AI score0.01143EPSS