Vulnerabilities > Oracle > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2003-03-03 | CVE-2003-0095 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Oracle Database Server, Oracle8I and Oracle9I Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applications that perform their own authentication, as demonstrated using LOADPSP. | 10.0 |
| 2002-05-27 | CVE-2002-1641 | Remotely Exploitable Buffer Overflow vulnerability in Oracle Web Cache Multiple buffer overflows in Oracle Web Cache for Oracle 9i Application Server (9iAS) allow remote attackers to execute arbitrary code via unknown vectors. | 10.0 |
| 2001-07-21 | CVE-2001-0499 | Buffer Overflow vulnerability in Oracle 8i TNS Listener Buffer overflow in Transparent Network Substrate (TNS) Listener in Oracle 8i 8.1.7 and earlier allows remote attackers to gain privileges via a long argument to the commands (1) STATUS, (2) PING, (3) SERVICES, (4) TRC_FILE, (5) SAVE_CONFIG, or (6) RELOAD. | 10.0 |
| 2001-06-18 | CVE-2001-0249 | Incorrect Calculation of Buffer Size vulnerability in multiple products Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which uses glob to generate long strings. | 9.8 |
| 2000-12-19 | CVE-2000-0818 | Unspecified vulnerability in Oracle Listener 7.3.4/8.0.6/8.1.6 The default installation for the Oracle listener program 7.3.4, 8.0.6, and 8.1.6 allows an attacker to cause logging information to be appended to arbitrary files and execute commands via the SET TRC_FILE or SET LOG_FILE commands. | 10.0 |
| 1997-09-19 | CVE-1999-1125 | Unspecified vulnerability in Oracle Http Server Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file. | 10.0 |