Vulnerabilities > Oracle > Oracle10G
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-05-11 | CVE-2005-1496 | Privilege Escalation vulnerability in Oracle Application Server and Oracle10G The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE JOB privileges to gain additional privileges by changing SESSION_USER to the SYS user. | 4.6 |
2005-05-11 | CVE-2005-1495 | Buffer Overflow vulnerability in Oracle Application Server, Oracle10G and Oracle9I Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the SYS user executes a SELECT statement on an FGA object, which makes it easier for attackers to escape detection. | 7.5 |
2004-08-31 | CVE-2004-1774 | Buffer Overflow vulnerability in Oracle Application Server and Oracle10G Buffer overflow in the SDO_CODE_SIZE procedure of the MD2 package (MDSYS.MD2.SDO_CODE_SIZE) in Oracle 10g before 10.1.0.2 Patch 2 allows local users to execute arbitrary code via a long LAYER parameter. | 7.2 |
2004-08-04 | CVE-2004-1371 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Oracle products Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure. | 9.0 |
2004-08-04 | CVE-2004-1370 | Multiple Unspecified vulnerability in Oracle Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to execute arbitrary SQL commands and gain privileges via (1) DBMS_EXPORT_EXTENSION, (2) WK_ACL.GET_ACL, (3) WK_ACL.STORE_ACL, (4) WK_ADM.COMPLETE_ACL_SNAPSHOT, (5) WK_ACL.DELETE_ACLS_WITH_STATEMENT, or (6) DRILOAD.VALIDATE_STMT. | 7.5 |
2004-08-04 | CVE-2004-1369 | Multiple Unspecified vulnerability in Oracle The TNS Listener in Oracle 10g allows remote attackers to cause a denial of service (listener crash) via a malformed service_register_NSGR request containing a value that is used as an invalid offset for a pointer that references incorrect memory. | 5.0 |
2004-08-04 | CVE-2004-1368 | Multiple Unspecified vulnerability in Oracle ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script. | 7.8 |
2004-08-04 | CVE-2004-1367 | Information Exposure vulnerability in Oracle products Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SYS or SYSTEM accounts, which may have been installed with the same password. | 4.4 |
2004-08-04 | CVE-2004-1366 | Credentials Management vulnerability in Oracle products Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges. | 4.6 |
2004-08-04 | CVE-2004-1365 | Multiple Unspecified vulnerability in Oracle Extproc in Oracle 9i and 10g does not require authentication to load a library or execute a function, which allows local users to execute arbitrary commands as the Oracle user. | 4.6 |