Vulnerabilities > Oracle > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2002-12-23 | CVE-2002-1376 | Buffer Overflow vulnerability in MySQL libmysqlclient Library Read_Rows libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to 4.0.6, does not properly verify length fields for certain responses in the (1) read_rows or (2) read_one_row routines, which allows remote attackers to cause a denial of service and possibly execute arbitrary code. | 7.5 |
2002-12-23 | CVE-2002-1375 | The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers to execute arbitrary code via a long response. | 7.5 |
2002-12-23 | CVE-2002-1374 | The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password. | 7.5 |
2002-11-12 | CVE-2002-1264 | Buffer Overflow vulnerability in Oracle 9i Database Server iSQL Plus Malformed USERID Buffer overflow in Oracle iSQL*Plus web application of the Oracle 9 database server allows remote attackers to execute arbitrary code via a long USERID parameter in the isqlplus URL. | 7.5 |
2002-10-11 | CVE-2002-0969 | Classic Buffer Overflow vulnerability in Oracle Mysql Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta before 4.02, on the Win32 platform, allows local users to execute arbitrary code via a long "datadir" parameter in the my.ini initialization file, whose permissions on Windows allow Full Control to the Everyone group. | 7.8 |
2002-10-04 | CVE-2002-0965 | Remote Buffer Overflow vulnerability in Oracle TNSListener SERVICE_NAME Buffer overflow in TNS Listener for Oracle 9i Database Server on Windows systems, and Oracle 8 on VM, allows local users to execute arbitrary code via a long SERVICE_NAME parameter, which is not properly handled when writing an error message to a log file. | 7.5 |
2002-10-04 | CVE-2002-0947 | Remote Buffer Overflow vulnerability in Oracle Application Server and Reports Buffer overflow in rwcgi60 CGI program for Oracle Reports Server 6.0.8.18.0 and earlier, as used in Oracle9iAS and other products, allows remote attackers to execute arbitrary code via a long database name parameter. | 7.5 |
2002-09-05 | CVE-2002-0858 | Remote Security vulnerability in Oracle9i Developer Edition catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a default dbsnmp password, which allows attackers to perform restricted database operations and possibly gain other privileges. | 7.5 |
2002-09-05 | CVE-2002-0857 | Unspecified vulnerability in Oracle Database Server and Oracle8I Format string vulnerabilities in Oracle Listener Control utility (lsnrctl) for Oracle 9.2 and 9.0, 8.1, and 7.3.4, allow remote attackers to execute arbitrary code on the Oracle DBA system by placing format strings into certain entries in the listener.ora configuration file. | 7.5 |
2002-08-12 | CVE-2002-0656 | Buffer Overflow vulnerability in OpenSSL SSLv3 Session ID Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3. | 7.5 |