Vulnerabilities > Oracle
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2002-04-01 | CVE-2002-1639 | Unspecified vulnerability in Oracle Configurator Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote attackers to obtain sensitive information via a request to the oracle.apps.cz.servlet.UiServlet servlet with the test parameter set to "version" or "host". | 7.5 |
| 2002-03-25 | CVE-2002-0103 | Privilege Escalation vulnerability in Oracle Application Server web Cache 2.0.0.0/2.0.0.1/2.0.0.2 An installer program for Oracle9iAS Web Cache 2.0.0.x creates executable and configuration files with insecure permissions, which allows local users to gain privileges by (1) running webcached or (2) obtaining the administrator password from webcache.xml. | 4.6 |
| 2002-03-25 | CVE-2002-0102 | Denial Of Service vulnerability in Oracle Application Server web Cache 2.0.0.0/2.0.0.1/2.0.0.2 Oracle9iAS Web Cache 2.0.0.x allows remote attackers to cause a denial of service via (1) a request to TCP ports 1100, 4000, 4001, and 4002 with a large number of null characters, and (2) a request to TCP port 4000 with a large number of "." characters. | 5.0 |
| 2002-02-26 | CVE-2002-1637 | Local Security vulnerability in Oracle 9i Application Server Multiple components in Oracle 9i Application Server (9iAS) are installed with over 160 default usernames and passwords, including (1) SYS, (2) SYSTEM, (3) AQJAVA, (4) OWA, (5) IMAGEUSER, (6) USER1, (7) USER2, (8) PLSQL, (9) DEMO, (10) FINANCE, and many others, which allows attackers to gain privileges. | 4.6 |
| 2002-02-06 | CVE-2001-1372 | Unspecified vulnerability in Oracle Application Server 1.0.2 Oracle 9i Application Server 1.0.2 allows remote attackers to obtain the physical path of a file under the server root via a request for a non-existent .JSP file, which leaks the pathname in an error message. | 5.0 |
| 2002-02-06 | CVE-2001-1371 | Permissions, Privileges, and Access Controls vulnerability in Oracle Application Server 1.0.2 The default configuration of Oracle Application Server 9iAS 1.0.2.2 enables SOAP and allows anonymous users to deploy applications by default via urn:soap-service-manager and urn:soap-provider-manager. | 7.5 |
| 2001-12-21 | CVE-2001-1217 | Directory Traversal vulnerability in Oracle Application Server 1.0.2 Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. | 5.0 |
| 2001-12-21 | CVE-2001-1216 | Buffer Overflow vulnerability in Oracle Application Server 1.0.2 Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page. | 7.5 |
| 2001-12-06 | CVE-2001-0836 | Unspecified vulnerability in Oracle Application Server web Cache 2.0.0.1 Buffer overflow in Oracle9iAS Web Cache 2.0.0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request. | 7.5 |
| 2001-12-06 | CVE-2001-0833 | Buffer Overflow vulnerability in Oracle OTRCREP Oracle Home Environment Variable Buffer overflow in otrcrep in Oracle 8.0.x through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment variable, aka the "Oracle Trace Collection Security Vulnerability." | 7.2 |