Vulnerabilities > Oracle > Critical

DATE CVE VULNERABILITY TITLE RISK
2004-08-04 CVE-2004-1371 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Oracle products
Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure.
network
low complexity
oracle CWE-119
critical
9.0
2004-06-01 CVE-2004-0385 Unspecified vulnerability in Oracle Application Server web Cache and E-Business Suite
Heap-based buffer overflow in Oracle 9i Application Server Web Cache 9.0.4.0.0, 9.0.3.1.0, 9.0.2.3.0, and 9.0.0.4.0 allows remote attackers to execute arbitrary code via a long HTTP request method header to the Web Cache listener.
network
low complexity
oracle
critical
10.0
2003-09-22 CVE-2003-0780 Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL 4.0.14 and earlier, and 3.23.x, allows attackers with ALTER TABLE privileges to execute arbitrary code via a long Password field.
network
low complexity
mysql oracle conectiva
critical
9.0
2003-05-12 CVE-2003-0222 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Oracle Database Server, Oracle8I and Oracle9I
Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a "CREATE DATABASE LINK" query containing a connect string with a long USING parameter.
network
low complexity
oracle CWE-119
critical
9.0
2003-03-24 CVE-2003-0150 Privilege Escalation vulnerability in MySQL mysqld
MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf.
network
low complexity
oracle
critical
9.0
2003-03-03 CVE-2003-0095 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Oracle Database Server, Oracle8I and Oracle9I
Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applications that perform their own authentication, as demonstrated using LOADPSP.
network
low complexity
oracle CWE-119
critical
10.0
2003-03-03 CVE-2003-0096 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Oracle Database Server, Oracle8I and Oracle9I
Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3) a long DIRECTORY parameter to the BFILENAME function.
network
low complexity
oracle CWE-119
critical
9.0
2002-05-27 CVE-2002-1641 Remotely Exploitable Buffer Overflow vulnerability in Oracle Web Cache
Multiple buffer overflows in Oracle Web Cache for Oracle 9i Application Server (9iAS) allow remote attackers to execute arbitrary code via unknown vectors.
network
low complexity
oracle
critical
10.0
2001-07-21 CVE-2001-0499 Buffer Overflow vulnerability in Oracle 8i TNS Listener
Buffer overflow in Transparent Network Substrate (TNS) Listener in Oracle 8i 8.1.7 and earlier allows remote attackers to gain privileges via a long argument to the commands (1) STATUS, (2) PING, (3) SERVICES, (4) TRC_FILE, (5) SAVE_CONFIG, or (6) RELOAD.
network
low complexity
oracle
critical
10.0
2000-12-19 CVE-2000-0818 Unspecified vulnerability in Oracle Listener 7.3.4/8.0.6/8.1.6
The default installation for the Oracle listener program 7.3.4, 8.0.6, and 8.1.6 allows an attacker to cause logging information to be appended to arbitrary files and execute commands via the SET TRC_FILE or SET LOG_FILE commands.
network
low complexity
oracle
critical
10.0