Vulnerabilities > Oracle > Database Server
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-05-02 | CVE-2005-0298 | Unspecified vulnerability in Oracle Database Server The DIRECTORY objects in Oracle 8i through Oracle 10g contain the location of a specific operating system directory, which allows users with read privileges to a DIRECTORY object to obtain sensitive information. | 5.0 |
| 2005-03-07 | CVE-2005-0701 | Unspecified vulnerability in Oracle Database Server Directory traversal vulnerability in Oracle Database Server 8i and 9i allows remote attackers to read or rename arbitrary files via "\\.\\.." (modified dot dot backslash) sequences to UTL_FILE functions such as (1) UTL_FILE.FOPEN or (2) UTL_FILE.frename. | 5.0 |
| 2005-01-18 | CVE-2005-0297 | Unspecified vulnerability in Oracle Database Server 10.2.1 SQL injection vulnerability in Oracle Database 9i and 10g allows remote attackers to execute arbitrary SQL commands and gain privileges. | 7.5 |
| 2004-12-31 | CVE-2004-2345 | Security vulnerability in Oracle9i Database Server Unknown multiple vulnerabilities in Oracle9i Database Server 9.0.1.4, 9.0.1.5, 9.2.0.3, and 9.2.0.4 allow local users with the ability to invoke SQL to cause a denial of service or obtain sensitive information. | 6.5 |
| 2004-12-23 | CVE-2004-1339 | SQL Injection vulnerability in Oracle Database Server and Oracle9I SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1 and (2) MDSYS.SDO_LRS_TRIG_INS default triggers in Oracle 9i and 10g allows remote attackers to execute arbitrary SQL commands via the new.table_name or new.column_name parameters. | 6.5 |
| 2004-12-23 | CVE-2004-1338 | Permissions, Privileges, and Access Controls vulnerability in Oracle Database Server and Oracle9I The triggers in Oracle 9i and 10g allow local users to gain privileges by using a sequence of partially privileged actions: using CCBKAPPLROWTRIG or EXEC_CBK_FN_DML to add arbitrary functions to the SDO_CMT_DBK_FN_TABLE and SDO_CMT_CBK_DML_TABLE, then performing a DELETE on the SDO_TXN_IDX_INSERTS table, which causes the SDO_CMT_CBK_TRIG trigger to execute the user-supplied functions. | 6.5 |
| 2004-08-04 | CVE-2004-1371 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Oracle products Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure. | 9.0 |
| 2004-08-04 | CVE-2004-1363 | Incorrect Calculation of Buffer Size vulnerability in Oracle products Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed. | 9.8 |
| 2003-10-20 | CVE-2003-0727 | Unspecified vulnerability in Oracle Database Server Multiple buffer overflows in the XML Database (XDB) functionality for Oracle 9i Database Release 2 allow local users to cause a denial of service or hijack user sessions. | 2.1 |
| 2003-05-12 | CVE-2003-0222 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Oracle Database Server, Oracle8I and Oracle9I Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a "CREATE DATABASE LINK" query containing a connect string with a long USING parameter. | 9.0 |