Vulnerabilities > Oracle > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2003-03-03 | CVE-2002-0842 | Unspecified vulnerability in Oracle Application Server 9.0.2 Format string vulnerability in certain third party modifications to mod_dav for logging bad gateway messages (e.g. | 7.5 |
| 2002-12-31 | CVE-2002-2345 | Credentials Management vulnerability in Oracle Application Server 9.0.2 Oracle 9i Application Server 9.0.2 stores the web cache administrator interface password in plaintext, which allows remote attackers to gain access. | 7.5 |
| 2002-12-31 | CVE-2002-2153 | Unspecified vulnerability in Oracle Application Server 4.0.8/4.0.8.2 Format string vulnerability in the administrative pages of the PL/SQL module for Oracle Application Server 4.0.8 and 4.0.8 2 allows remote attackers to execute arbitrary code. | 7.5 |
| 2002-12-31 | CVE-2002-1923 | Unspecified vulnerability in Oracle Mysql The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection. | 7.5 |
| 2002-12-31 | CVE-2002-1921 | Unspecified vulnerability in Oracle Mysql The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does set the bind address to the loopback interface, which allows remote attackers to connect to the database. | 7.5 |
| 2002-12-31 | CVE-2002-1882 | Authentication Bypassing vulnerability in Oracle E-Business Suite Unknown vulnerability in AolSecurityPrivate.class in Oracle E-Business Suite 11i 11.1 through 11.6 allows remote attackers to bypass user authentication checks via unknown attack vectors. | 7.5 |
| 2002-12-31 | CVE-2002-1809 | Unspecified vulnerability in Oracle Mysql The default configuration of the Windows binary release of MySQL 3.23.2 through 3.23.52 has a NULL root password, which could allow remote attackers to gain unauthorized root access to the MySQL database. | 7.5 |
| 2002-12-31 | CVE-2002-1767 | Local Command Parameter Buffer Overflow vulnerability in Oracle Database Server 8.1.5 Buffer overflow in tnslsnr of Oracle 8i Database Server 8.1.5 for Linux allows local users to execute arbitrary code as the oracle user via a long command line argument. | 7.2 |
| 2002-12-31 | CVE-2002-1631 | Information Disclosure vulnerability in Oracle 9i Application Server Sample Scripts SQL injection vulnerability in the query.xsql sample page in Oracle 9i Application Server (9iAS) allows remote attackers to execute arbitrary code via the sql parameter. | 7.5 |
| 2002-12-31 | CVE-2002-1630 | Information Disclosure vulnerability in Oracle 9i Application Server Sample Scripts The sendmail.jsp sample page in Oracle 9i Application Server (9iAS) allows remote attackers to send arbitrary emails. | 7.5 |