Vulnerabilities > Oracle
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2002-12-31 | CVE-2002-1636 | Cross-Site Scripting vulnerability in Oracle Application Server 1.0.2 Cross-site scripting (XSS) vulnerability in the htp PL/SQL package for Oracle 9i Application Server (9iAS) allows remote attackers to inject arbitrary web script or HTML via the cbuf parameter to htp.print. network oracle | 4.3 |
| 2002-12-31 | CVE-2002-1635 | Unspecified vulnerability in Oracle Application Server The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin. | 5.0 |
| 2002-12-31 | CVE-2002-1632 | Information Disclosure vulnerability in Oracle 9i Application Server Sample Scripts Oracle 9i Application Server (9iAS) installs multiple sample pages that allow remote attackers to obtain environment variables and other sensitive information via (1) info.jsp, (2) printenv, (3) echo, or (4) echo2. | 6.4 |
| 2002-12-31 | CVE-2002-1631 | Information Disclosure vulnerability in Oracle 9i Application Server Sample Scripts SQL injection vulnerability in the query.xsql sample page in Oracle 9i Application Server (9iAS) allows remote attackers to execute arbitrary code via the sql parameter. | 7.5 |
| 2002-12-31 | CVE-2002-1630 | Information Disclosure vulnerability in Oracle 9i Application Server Sample Scripts The sendmail.jsp sample page in Oracle 9i Application Server (9iAS) allows remote attackers to send arbitrary emails. | 7.5 |
| 2002-12-23 | CVE-2002-1376 | Buffer Overflow vulnerability in MySQL libmysqlclient Library Read_Rows libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to 4.0.6, does not properly verify length fields for certain responses in the (1) read_rows or (2) read_one_row routines, which allows remote attackers to cause a denial of service and possibly execute arbitrary code. | 7.5 |
| 2002-12-23 | CVE-2002-1375 | The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers to execute arbitrary code via a long response. | 7.5 |
| 2002-12-23 | CVE-2002-1374 | The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password. | 7.5 |
| 2002-12-23 | CVE-2002-1373 | Unspecified vulnerability in Oracle Mysql Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative integers to be provided to a memcpy call. | 5.0 |
| 2002-11-12 | CVE-2002-1264 | Buffer Overflow vulnerability in Oracle 9i Database Server iSQL Plus Malformed USERID Buffer overflow in Oracle iSQL*Plus web application of the Oracle 9 database server allows remote attackers to execute arbitrary code via a long USERID parameter in the isqlplus URL. | 7.5 |