Oracle9i@9.0 Security Vulnerabilities and Issues — Oracle9i@9.0 CVE List

Lucene search

OracleOracle9i9.0

23 matches found

CVE•added 2004/09/01 4:0 a.m.•131 views

CVE-2002-0840

Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vuln...

6.8CVSS8.4AI score0.91802EPSS

CVE•added 2002/07/03 4:0 a.m.•128 views

CVE-2002-0562

The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa.

5CVSS9.1AI score0.02916EPSS

CVE•added 2003/04/02 5:0 a.m.•125 views

CVE-2002-0965

Buffer overflow in TNS Listener for Oracle 9i Database Server on Windows systems, and Oracle 8 on VM, allows local users to execute arbitrary code via a long SERVICE_NAME parameter, which is not properly handled when writing an error message to a log file.

7.5CVSS7.2AI score0.75861EPSS

CVE•added 2002/07/03 4:0 a.m.•117 views

CVE-2002-0561

The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and modify DAD settings.

7.5CVSS9.1AI score0.06961EPSS

CVE•added 2002/07/03 4:0 a.m.•105 views

CVE-2002-0563

The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to access sensitive services without authentication, including Dynamic Monitoring Services (1) dms0, (2) dms/DMSDump, (3) servlet/DMSDump, (4) servlet/Spy, (5) soap/servlet/Spy, and (6) dms/AggreSpy; and...

5CVSS9AI score0.30847EPSS

CVE•added 2002/07/03 4:0 a.m.•96 views

CVE-2002-0560

PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to obtain sensitive information via the OWA_UTIL stored procedures (1) OWA_UTIL.signature, (2) OWA_UTIL.listprint, or (3) OWA_UTIL.show_query_columns.

5CVSS8.6AI score0.07505EPSS

CVE•added 2002/07/03 4:0 a.m.•70 views

CVE-2002-0568

Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory.

2.1CVSS8.4AI score0.04804EPSS

CVE•added 2003/04/02 5:0 a.m.•58 views

CVE-2002-0567

Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass authentication and execute arbitrary functions by using the TNS Listener to directly connect to the EXTPROC process.

7.5CVSS7.5AI score0.01758EPSS

CVE•added 2002/07/03 4:0 a.m.•54 views

CVE-2002-0559

Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote attackers to cause a denial of service or execute arbitrary code via (1) a long help page request without a dadname, which overflows the resulting HTTP Location header, (2) a long HTTP request to the pl...

7.5CVSS9.4AI score0.26406EPSS

CVE•added 2004/09/01 4:0 a.m.•54 views

CVE-2003-0095

Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applications that perform their own authentication, as demonstrated using LOADPSP.

10CVSS8.1AI score0.43508EPSS

CVE•added 2003/05/12 4:0 a.m.•51 views

CVE-2003-0222

Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a "CREATE DATABASE LINK" query containing a connect string with a long USING parameter.

9CVSS7.6AI score0.1251EPSS

CVE•added 2003/03/03 5:0 a.m.•47 views

CVE-2003-0096

Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3) a long DIRECTORY par...

9CVSS7.8AI score0.46317EPSS

CVE•added 2002/07/03 4:0 a.m.•45 views

CVE-2002-0564

PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to bypass authentication for a Database Access Descriptor (DAD) by modifying the URL to reference an alternate DAD that already has valid credentials.

7.5CVSS9.2AI score0.0152EPSS

CVE•added 2005/01/06 5:0 a.m.•45 views

CVE-2004-1338

The triggers in Oracle 9i and 10g allow local users to gain privileges by using a sequence of partially privileged actions: using CCBKAPPLROWTRIG or EXEC_CBK_FN_DML to add arbitrary functions to the SDO_CMT_DBK_FN_TABLE and SDO_CMT_CBK_DML_TABLE, then performing a DELETE on the SDO_TXN_IDX_INSERTS ...

6.5CVSS6.9AI score0.00303EPSS

CVE•added 2002/07/03 4:0 a.m.•44 views

CVE-2002-0566

PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to cause a denial of service (crash) via an HTTP Authorization header without an authentication type.

5CVSS8.8AI score0.01547EPSS

CVE•added 2005/01/06 5:0 a.m.•43 views

CVE-2004-1339

SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1 and (2) MDSYS.SDO_LRS_TRIG_INS default triggers in Oracle 9i and 10g allows remote attackers to execute arbitrary SQL commands via the new.table_name or new.column_name parameters.

6.5CVSS8.3AI score0.00487EPSS

CVE•added 2005/05/11 4:0 a.m.•43 views

CVE-2005-1495

Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the SYS user executes a SELECT statement on an FGA object, which makes it easier for attackers to escape detection.

7.5CVSS9.2AI score0.01038EPSS

CVE•added 2002/08/12 4:0 a.m.•42 views

CVE-2002-0509

Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a single malformed TCP packet to port 1521.

5CVSS6.5AI score0.00864EPSS

CVE•added 2002/07/03 4:0 a.m.•42 views

CVE-2002-0565

Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with world-readable permissions under the web root, which allows remote attackers to obtain sensitive information derived from the JSP code, including usernames and passwords, via a direct HTTP request to _pages.

5CVSS8.8AI score0.05915EPSS

CVE•added 2004/09/01 4:0 a.m.•42 views

CVE-2002-1118

TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and Oracle 8i 8.1.x, allows remote attackers to cause a denial of service (hang or crash) via a SERVICE_CURLOAD command.

5CVSS6.3AI score0.01594EPSS

CVE•added 2004/09/01 4:0 a.m.•38 views

CVE-2002-1264

Buffer overflow in Oracle iSQL*Plus web application of the Oracle 9 database server allows remote attackers to execute arbitrary code via a long USERID parameter in the isqlplus URL.

7.5CVSS7.8AI score0.06645EPSS

CVE•added 2003/04/02 5:0 a.m.•36 views

CVE-2002-0856

SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote attackers to cause a denial of service (crash) via certain debug requests that are not properly handled by the debugging feature.

5CVSS6.8AI score0.00738EPSS

CVE•added 2003/04/02 5:0 a.m.•30 views

CVE-2002-0571

Oracle Oracle9i database server 9.0.1.x allows local users to access restricted data via a SQL query using ANSI outer join syntax.

7.5CVSS6.8AI score0.00837EPSS