Vulnerabilities > Oracle > High

DATE CVE VULNERABILITY TITLE RISK
2005-01-18 CVE-2005-0297 Unspecified vulnerability in Oracle Database Server 10.2.1
SQL injection vulnerability in Oracle Database 9i and 10g allows remote attackers to execute arbitrary SQL commands and gain privileges.
network
low complexity
oracle
7.5
2004-12-31 CVE-2004-0638 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Oracle Oracle8I and Oracle9I
Buffer overflow in the KSDWRTB function in the dbms_system package (dbms_system.ksdwrt) for Oracle 9i Database Server Release 2 9.2.0.3 and 9.2.0.4, 9i Release 1 9.0.1.4 and 9.0.1.5, and 8i Release 1 8.1.7.4, allows remote authorized users to execute arbitrary code via a long second argument.
network
oracle CWE-119
8.5
2004-11-03 CVE-2004-0835 Local vulnerability in MySQL
MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities.
network
low complexity
mysql oracle debian
7.5
2004-08-31 CVE-2004-1774 Buffer Overflow vulnerability in Oracle Application Server and Oracle10G
Buffer overflow in the SDO_CODE_SIZE procedure of the MD2 package (MDSYS.MD2.SDO_CODE_SIZE) in Oracle 10g before 10.1.0.2 Patch 2 allows local users to execute arbitrary code via a long LAYER parameter.
local
low complexity
oracle
7.2
2004-08-04 CVE-2004-1370 Multiple Unspecified vulnerability in Oracle
Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to execute arbitrary SQL commands and gain privileges via (1) DBMS_EXPORT_EXTENSION, (2) WK_ACL.GET_ACL, (3) WK_ACL.STORE_ACL, (4) WK_ADM.COMPLETE_ACL_SNAPSHOT, (5) WK_ACL.DELETE_ACLS_WITH_STATEMENT, or (6) DRILOAD.VALIDATE_STMT.
network
low complexity
oracle
7.5
2004-08-04 CVE-2004-1368 Multiple Unspecified vulnerability in Oracle
ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script.
network
low complexity
oracle
7.8
2004-08-04 CVE-2004-1364 Path Traversal vulnerability in Oracle products
Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\bin directory.
network
oracle CWE-22
8.5
2004-08-04 CVE-2004-1363 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Oracle products
Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed.
local
low complexity
oracle CWE-119
7.2
2004-08-04 CVE-2004-1362 Multiple Unspecified vulnerability in Oracle
The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform character conversions properly, which allows remote attackers to bypass access restrictions for certain procedures via an encoded URL with "%FF" encoded sequences that are improperly converted to "Y" characters.
network
low complexity
oracle
7.5
2004-07-30 CVE-2004-1707 Privilege Escalation vulnerability in Oracle Database Default Library Directory
The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0.
local
low complexity
oracle
7.2