Vulnerabilities > Oracle > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-08-31 | CVE-2004-1774 | Buffer Overflow vulnerability in Oracle Application Server and Oracle10G Buffer overflow in the SDO_CODE_SIZE procedure of the MD2 package (MDSYS.MD2.SDO_CODE_SIZE) in Oracle 10g before 10.1.0.2 Patch 2 allows local users to execute arbitrary code via a long LAYER parameter. | 7.2 |
| 2004-08-04 | CVE-2004-1370 | Multiple Unspecified vulnerability in Oracle Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to execute arbitrary SQL commands and gain privileges via (1) DBMS_EXPORT_EXTENSION, (2) WK_ACL.GET_ACL, (3) WK_ACL.STORE_ACL, (4) WK_ADM.COMPLETE_ACL_SNAPSHOT, (5) WK_ACL.DELETE_ACLS_WITH_STATEMENT, or (6) DRILOAD.VALIDATE_STMT. | 7.5 |
| 2004-08-04 | CVE-2004-1368 | Multiple Unspecified vulnerability in Oracle ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script. | 7.8 |
| 2004-08-04 | CVE-2004-1364 | Path Traversal vulnerability in Oracle products Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\bin directory. | 8.5 |
| 2004-08-04 | CVE-2004-1362 | Multiple Unspecified vulnerability in Oracle The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform character conversions properly, which allows remote attackers to bypass access restrictions for certain procedures via an encoded URL with "%FF" encoded sequences that are improperly converted to "Y" characters. | 7.5 |
| 2004-07-30 | CVE-2004-1707 | Privilege Escalation vulnerability in Oracle Database Default Library Directory The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0. | 7.2 |
| 2003-11-03 | CVE-2003-1193 | SQL Injection vulnerability in Oracle9iAS Portal Component Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL. | 7.5 |
| 2003-08-27 | CVE-2003-0634 | Buffer Overflow vulnerability in Oracle Database Server EXTPROC Stack-based buffer overflow in the PL/SQL EXTPROC functionality for Oracle9i Database Release 2 and 1, and Oracle 8i, allows authenticated database users, and arbitrary database users in some cases, to execute arbitrary code via a long library name. | 7.5 |
| 2003-08-27 | CVE-2003-0632 | Remote Security vulnerability in Oracle Applications and E-Business Suite Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) CGI program (FNDWRR.exe) of Oracle E-Business Suite 11.0 and 11.5.1 through 11.5.8 may allow remote attackers to execute arbitrary code via a long URL. | 7.5 |
| 2003-06-30 | CVE-2003-0411 | Improper Handling of Case Sensitivity vulnerability in Oracle SUN ONE Application Server 7.0 Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension. | 7.5 |