Vulnerabilities > Oracle > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2001-12-06 | CVE-2001-0836 | Unspecified vulnerability in Oracle Application Server web Cache 2.0.0.1 Buffer overflow in Oracle9iAS Web Cache 2.0.0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request. | 7.5 |
2001-12-06 | CVE-2001-0833 | Buffer Overflow vulnerability in Oracle OTRCREP Oracle Home Environment Variable Buffer overflow in otrcrep in Oracle 8.0.x through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment variable, aka the "Oracle Trace Collection Security Vulnerability." | 7.2 |
2001-08-31 | CVE-2001-0943 | Unspecified vulnerability in Oracle Database Server 8.0.5/8.1.5 dbsnmp in Oracle 8.0.5 and 8.1.5, under certain conditions, trusts the PATH environment variable to find and execute the (1) chown or (2) chgrp commands, which allows local users to execute arbitrary code by modifying the PATH to point to Trojan Horse programs. | 7.2 |
2001-08-22 | CVE-2001-0591 | Unspecified vulnerability in Oracle Application Server and JSP Directory traversal vulnerability in Oracle JSP 1.0.x through 1.1.1 and Oracle 8.1.7 iAS Release 1.0.2 can allow a remote attacker to read or execute arbitrary .jsp files via a '..' (dot dot) attack. | 7.5 |
2001-08-14 | CVE-2001-0528 | Unspecified vulnerability in Oracle E-Business Suite 11I Oracle E-Business Suite Release 11i Applications Desktop Integrator (ADI) version 7.x includes a debug version of FNDPUB11I.DLL, which logs the APPS schema password in cleartext in a debug file, which allows local users to obtain the password and gain privileges. | 7.2 |
2001-07-17 | CVE-2001-0974 | Unspecified vulnerability in Oracle Internet Directory 2.1.1/3.0.1 Format string vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. | 7.5 |
2001-07-16 | CVE-2001-1321 | Denial-Of-Service vulnerability in Internet Directory 2.1.1/3.0.1 Oracle Internet Directory Server 2.1.1.x and 3.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid encodings of BER OBJECT-IDENTIFIER values, as demonstrated by the PROTOS LDAPv3 test suite. | 7.5 |
2001-07-16 | CVE-2001-0975 | Buffer Overflow vulnerability in Oracle Internet Directory 2.1.1/3.0.1 Buffer overflow vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. | 7.5 |
2001-07-02 | CVE-2001-0419 | Unspecified vulnerability in Oracle Application Server 4.0.8.2 Buffer overflow in shared library ndwfn4.so for iPlanet Web Server (iWS) 4.1, when used as a web listener for Oracle application server 4.0.8.2, allows remote attackers to execute arbitrary commands via a long HTTP request that is passed to the application server, such as /jsp/. | 7.5 |
2001-05-03 | CVE-2001-0326 | Remote Security vulnerability in Oracle Application Server and Oracle8I Oracle Java Virtual Machine (JVM ) for Oracle 8.1.7 and Oracle Application Server 9iAS Release 1.0.2.0.1 allows remote attackers to read arbitrary files via the .jsp and .sqljsp file extensions when the server is configured to use the <<ALL FILES>> FilePermission. | 7.5 |