Vulnerabilities > Oracle
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2002-02-06 | CVE-2001-1372 | Unspecified vulnerability in Oracle Application Server 1.0.2 Oracle 9i Application Server 1.0.2 allows remote attackers to obtain the physical path of a file under the server root via a request for a non-existent .JSP file, which leaks the pathname in an error message. | 5.0 |
2002-02-06 | CVE-2001-1371 | Permissions, Privileges, and Access Controls vulnerability in Oracle Application Server 1.0.2 The default configuration of Oracle Application Server 9iAS 1.0.2.2 enables SOAP and allows anonymous users to deploy applications by default via urn:soap-service-manager and urn:soap-provider-manager. | 7.5 |
2001-12-21 | CVE-2001-1217 | Directory Traversal vulnerability in Oracle Application Server 1.0.2 Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. | 5.0 |
2001-12-21 | CVE-2001-1216 | Buffer Overflow vulnerability in Oracle Application Server 1.0.2 Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page. | 7.5 |
2001-12-06 | CVE-2001-0836 | Unspecified vulnerability in Oracle Application Server web Cache 2.0.0.1 Buffer overflow in Oracle9iAS Web Cache 2.0.0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request. | 7.5 |
2001-12-06 | CVE-2001-0833 | Buffer Overflow vulnerability in Oracle OTRCREP Oracle Home Environment Variable Buffer overflow in otrcrep in Oracle 8.0.x through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment variable, aka the "Oracle Trace Collection Security Vulnerability." | 7.2 |
2001-12-06 | CVE-2001-0832 | Local Security vulnerability in Oracle9i Enterprise Edition Vulnerability in Oracle 8.0.x through 9.0.1 on Unix allows local users to overwrite arbitrary files, possibly via a symlink attack or incorrect file permissions in (1) the ORACLE_HOME/rdbms/log directory or (2) an alternate directory as specified in the ORACLE_HOME environmental variable, aka the "Oracle File Overwrite Security Vulnerability." | 2.1 |
2001-12-06 | CVE-2001-0831 | Unspecified vulnerability in Oracle Database Server 8.1.7/9.0.1 Unknown vulnerability in Oracle Label Security in Oracle 8.1.7 and 9.0.1, when audit functionality, SET_LABEL, or SQL*Predicate is being used, allows local users to gain additional access. | 4.6 |
2001-11-30 | CVE-2001-0941 | Unspecified vulnerability in Oracle Database Server Buffer overflow in dbsnmp in Oracle 8.0.6 through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment variable. | 4.6 |
2001-11-29 | CVE-2001-0942 | Unspecified vulnerability in Oracle Database Server 8.1.6/8.1.7 dbsnmp in Oracle 8.1.6 and 8.1.7 uses the ORACLE_HOME environment variable to find and execute the dbsnmp program, which allows local users to execute arbitrary programs by pointing the ORACLE_HOME to an alternate directory that contains a malicious version of dbsnmp. | 4.6 |