Vulnerabilities > Oracle
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2000-03-05 | CVE-2000-0206 | Unspecified vulnerability in Oracle Oracle8I 8.1.5 The installation of Oracle 8.1.5.x on Linux follows symlinks and creates the orainstRoot.sh file with world-writeable permissions, which allows local users to gain privileges. | 6.2 |
2000-02-08 | CVE-2000-0148 | Unspecified vulnerability in Oracle Mysql MySQL 3.22 allows remote attackers to bypass password authentication and access a database via a short check string. | 7.5 |
2000-01-11 | CVE-2000-0045 | Unspecified vulnerability in Oracle Mysql 3.22.27/3.22.29/3.23.8 MySQL allows local users to modify passwords for arbitrary MySQL users via the GRANT privilege. | 6.4 |
1999-11-25 | CVE-1999-1547 | Improper Input Validation vulnerability in Oracle web Listener 2.1 Oracle Web Listener 2.1 allows remote attackers to bypass access restrictions by replacing a character in the URL with its HTTP-encoded (hex) equivalent. | 7.5 |
1999-08-16 | CVE-1999-0888 | Unspecified vulnerability in Oracle Database Server and Oracle8I dbsnmp in Oracle Intelligent Agent allows local users to gain privileges by setting the ORACLE_HOME environmental variable, which dbsnmp uses to find the nmiconf.tcl script. | 4.6 |
1999-04-29 | CVE-1999-0711 | Unspecified vulnerability in Oracle Oracle8I The oratclsh interpreter in Oracle 8.x Intelligent Agent for Unix allows local users to execute Tcl commands as root. | 4.6 |
1999-03-04 | CVE-1999-1256 | Unspecified vulnerability in Oracle Database Assistant 1.0 Oracle Database Assistant 1.0 in Oracle 8.0.3 Enterprise Edition stores the database master password in plaintext in the spoolmain.log file when a new database is created, which allows local users to obtain the password from that file. | 4.6 |
1998-12-27 | CVE-1999-1188 | Unspecified vulnerability in Oracle Mysql 3.21 mysqld in MySQL 3.21 creates log files with world-readable permissions, which allows local users to obtain passwords for users who are added to the user database. | 4.6 |
1997-09-19 | CVE-1999-1125 | Unspecified vulnerability in Oracle Http Server Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file. | 10.0 |
1997-07-23 | CVE-1999-1068 | Unspecified vulnerability in Oracle Http Server 2.1 Oracle Webserver 2.1, when serving PL/SQL stored procedures, allows remote attackers to cause a denial of service via a long HTTP GET request. | 5.0 |