Vulnerabilities > Oracle

DATE CVE VULNERABILITY TITLE RISK
2001-01-19 CVE-2001-1275 Unspecified vulnerability in Oracle Mysql
MySQL before 3.23.31 allows users with a MySQL account to use the SHOW GRANTS command to obtain the encrypted administrator password from the mysql.user table and possibly gain privileges via password cracking.
local
low complexity
oracle
7.2
2001-01-09 CVE-2000-1180 Unspecified vulnerability in Oracle Oracle8I 8.1.5
Buffer overflow in cmctl program in Oracle 8.1.5 Connection Manager Control allows local users to gain privileges via a long command line argument.
local
low complexity
oracle
4.6
2000-12-31 CVE-2000-1236 Unspecified vulnerability in Oracle Application Server
SQL injection vulnerability in mod_sql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the query string of the URL.
network
low complexity
oracle
7.5
2000-12-31 CVE-2000-1235 Unspecified vulnerability in Oracle Application Server
The default configurations of (1) the port listener and (2) modplsql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allow remote attackers to view privileged database information via HTTP requests for Database Access Descriptor (DAD) files.
network
low complexity
oracle
5.0
2000-12-19 CVE-2000-0987 Unspecified vulnerability in Oracle Internet Directory and Oracle8I
Buffer overflow in oidldapd in Oracle 8.1.6 allow local users to gain privileges via a long "connect" command line parameter.
local
low complexity
oracle
4.6
2000-12-19 CVE-2000-0986 Unspecified vulnerability in Oracle Oracle8I 8.1.5
Buffer overflow in Oracle 8.1.5 applications such as names, namesctl, onrsd, osslogin, tnslsnr, tnsping, trcasst, and trcroute possibly allow local users to gain privileges via a long ORACLE_HOME environmental variable.
local
low complexity
oracle
4.6
2000-12-19 CVE-2000-0981 Unspecified vulnerability in Oracle Mysql
MySQL Database Engine uses a weak authentication method which leaks information that could be used by a remote attacker to recover the password.
local
low complexity
oracle
7.2
2000-12-19 CVE-2000-0818 Unspecified vulnerability in Oracle Listener 7.3.4/8.0.6/8.1.6
The default installation for the Oracle listener program 7.3.4, 8.0.6, and 8.1.6 allows an attacker to cause logging information to be appended to arbitrary files and execute commands via the SET TRC_FILE or SET LOG_FILE commands.
network
low complexity
oracle
critical
10.0
2000-07-05 CVE-2000-0576 Unspecified vulnerability in Oracle web Listener 4.0.7/4.0.8
Oracle Web Listener for AIX versions 4.0.7.0.0 and 4.0.8.1.0 allows remote attackers to cause a denial of service via a malformed URL.
network
low complexity
oracle
5.0
2000-03-15 CVE-2000-0169 Unspecified vulnerability in Oracle Application Server 4.0
Batch files in the Oracle web listener ows-bin directory allow remote attackers to execute commands via a malformed URL that includes '?&'.
network
low complexity
oracle
7.5