Vulnerabilities > Oracle

DATE CVE VULNERABILITY TITLE RISK
2002-02-06 CVE-2001-1372 Unspecified vulnerability in Oracle Application Server 1.0.2
Oracle 9i Application Server 1.0.2 allows remote attackers to obtain the physical path of a file under the server root via a request for a non-existent .JSP file, which leaks the pathname in an error message.
network
low complexity
oracle
5.0
2002-02-06 CVE-2001-1371 Permissions, Privileges, and Access Controls vulnerability in Oracle Application Server 1.0.2
The default configuration of Oracle Application Server 9iAS 1.0.2.2 enables SOAP and allows anonymous users to deploy applications by default via urn:soap-service-manager and urn:soap-provider-manager.
network
low complexity
oracle CWE-264
7.5
2001-12-21 CVE-2001-1217 Directory Traversal vulnerability in Oracle Application Server 1.0.2
Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with ..
network
low complexity
oracle
5.0
2001-12-21 CVE-2001-1216 Buffer Overflow vulnerability in Oracle Application Server 1.0.2
Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
network
low complexity
oracle
7.5
2001-12-06 CVE-2001-0836 Unspecified vulnerability in Oracle Application Server web Cache 2.0.0.1
Buffer overflow in Oracle9iAS Web Cache 2.0.0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request.
network
low complexity
oracle
7.5
2001-12-06 CVE-2001-0833 Buffer Overflow vulnerability in Oracle OTRCREP Oracle Home Environment Variable
Buffer overflow in otrcrep in Oracle 8.0.x through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment variable, aka the "Oracle Trace Collection Security Vulnerability."
local
low complexity
oracle
7.2
2001-12-06 CVE-2001-0832 Local Security vulnerability in Oracle9i Enterprise Edition
Vulnerability in Oracle 8.0.x through 9.0.1 on Unix allows local users to overwrite arbitrary files, possibly via a symlink attack or incorrect file permissions in (1) the ORACLE_HOME/rdbms/log directory or (2) an alternate directory as specified in the ORACLE_HOME environmental variable, aka the "Oracle File Overwrite Security Vulnerability."
local
low complexity
oracle
2.1
2001-12-06 CVE-2001-0831 Unspecified vulnerability in Oracle Database Server 8.1.7/9.0.1
Unknown vulnerability in Oracle Label Security in Oracle 8.1.7 and 9.0.1, when audit functionality, SET_LABEL, or SQL*Predicate is being used, allows local users to gain additional access.
local
low complexity
oracle
4.6
2001-11-30 CVE-2001-0941 Unspecified vulnerability in Oracle Database Server
Buffer overflow in dbsnmp in Oracle 8.0.6 through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment variable.
local
low complexity
oracle
4.6
2001-11-29 CVE-2001-0942 Unspecified vulnerability in Oracle Database Server 8.1.6/8.1.7
dbsnmp in Oracle 8.1.6 and 8.1.7 uses the ORACLE_HOME environment variable to find and execute the dbsnmp program, which allows local users to execute arbitrary programs by pointing the ORACLE_HOME to an alternate directory that contains a malicious version of dbsnmp.
local
low complexity
oracle
4.6