Vulnerabilities > Oracle

DATE CVE VULNERABILITY TITLE RISK
2002-07-03 CVE-2002-0562 Information Disclosure vulnerability in Oracle products
The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa.
network
low complexity
oracle
5.0
2002-07-03 CVE-2002-0561 Unspecified vulnerability in Oracle products
The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and modify DAD settings.
network
low complexity
oracle
7.5
2002-07-03 CVE-2002-0560 Unspecified vulnerability in Oracle products
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to obtain sensitive information via the OWA_UTIL stored procedures (1) OWA_UTIL.signature, (2) OWA_UTIL.listprint, or (3) OWA_UTIL.show_query_columns.
network
low complexity
oracle
5.0
2002-07-03 CVE-2002-0559 Buffer Overflows vulnerability in Oracle 9iAS Apache PL/SQL Module
Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote attackers to cause a denial of service or execute arbitrary code via (1) a long help page request without a dadname, which overflows the resulting HTTP Location header, (2) a long HTTP request to the plsql module, (3) a long password in the HTTP Authorization, (4) a long Access Descriptor (DAD) password in the addadd form, or (5) a long cache directory name.
network
low complexity
oracle
7.5
2002-05-27 CVE-2002-1641 Remotely Exploitable Buffer Overflow vulnerability in Oracle Web Cache
Multiple buffer overflows in Oracle Web Cache for Oracle 9i Application Server (9iAS) allow remote attackers to execute arbitrary code via unknown vectors.
network
low complexity
oracle
critical
10.0
2002-04-01 CVE-2002-1640 Unspecified vulnerability in Oracle Configurator
Multiple cross-site scripting (XSS) vulnerabilities in Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote attackers to inject arbitrary web script or HTML via (1) Text Features in the DHTML UI or (2) the test parameter to the oracle.apps.cz.servlet.UiServlet servlet.
network
oracle
6.8
2002-04-01 CVE-2002-1639 Unspecified vulnerability in Oracle Configurator
Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote attackers to obtain sensitive information via a request to the oracle.apps.cz.servlet.UiServlet servlet with the test parameter set to "version" or "host".
network
low complexity
oracle
7.5
2002-03-25 CVE-2002-0103 Privilege Escalation vulnerability in Oracle Application Server web Cache 2.0.0.0/2.0.0.1/2.0.0.2
An installer program for Oracle9iAS Web Cache 2.0.0.x creates executable and configuration files with insecure permissions, which allows local users to gain privileges by (1) running webcached or (2) obtaining the administrator password from webcache.xml.
local
low complexity
oracle
4.6
2002-03-25 CVE-2002-0102 Denial Of Service vulnerability in Oracle Application Server web Cache 2.0.0.0/2.0.0.1/2.0.0.2
Oracle9iAS Web Cache 2.0.0.x allows remote attackers to cause a denial of service via (1) a request to TCP ports 1100, 4000, 4001, and 4002 with a large number of null characters, and (2) a request to TCP port 4000 with a large number of "." characters.
network
low complexity
oracle
5.0
2002-02-26 CVE-2002-1637 Local Security vulnerability in Oracle 9i Application Server
Multiple components in Oracle 9i Application Server (9iAS) are installed with over 160 default usernames and passwords, including (1) SYS, (2) SYSTEM, (3) AQJAVA, (4) OWA, (5) IMAGEUSER, (6) USER1, (7) USER2, (8) PLSQL, (9) DEMO, (10) FINANCE, and many others, which allows attackers to gain privileges.
local
low complexity
oracle
4.6