Vulnerabilities > Oracle > High

DATE CVE VULNERABILITY TITLE RISK
2003-11-03 CVE-2003-1193 SQL Injection vulnerability in Oracle9iAS Portal Component
Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL.
network
low complexity
oracle
7.5
2003-08-27 CVE-2003-0634 Buffer Overflow vulnerability in Oracle Database Server EXTPROC
Stack-based buffer overflow in the PL/SQL EXTPROC functionality for Oracle9i Database Release 2 and 1, and Oracle 8i, allows authenticated database users, and arbitrary database users in some cases, to execute arbitrary code via a long library name.
network
low complexity
oracle
7.5
2003-08-27 CVE-2003-0632 Remote Security vulnerability in Oracle Applications and E-Business Suite
Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) CGI program (FNDWRR.exe) of Oracle E-Business Suite 11.0 and 11.5.1 through 11.5.8 may allow remote attackers to execute arbitrary code via a long URL.
network
low complexity
oracle
7.5
2003-03-03 CVE-2002-0842 Unspecified vulnerability in Oracle Application Server 9.0.2
Format string vulnerability in certain third party modifications to mod_dav for logging bad gateway messages (e.g.
network
low complexity
oracle
7.5
2002-12-31 CVE-2002-2345 Credentials Management vulnerability in Oracle Application Server 9.0.2
Oracle 9i Application Server 9.0.2 stores the web cache administrator interface password in plaintext, which allows remote attackers to gain access.
network
low complexity
oracle CWE-255
7.5
2002-12-31 CVE-2002-2153 Unspecified vulnerability in Oracle Application Server 4.0.8/4.0.8.2
Format string vulnerability in the administrative pages of the PL/SQL module for Oracle Application Server 4.0.8 and 4.0.8.2 allows remote attackers to execute arbitrary code.
network
low complexity
oracle
7.5
2002-12-31 CVE-2002-1923 Unspecified vulnerability in Oracle MySQL
The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection.
network
low complexity
oracle
7.5
2002-12-31 CVE-2002-1921 Unspecified vulnerability in Oracle MySQL
The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does not set the bind address to the loopback interface, which allows remote attackers to connect to the database.
network
low complexity
oracle
7.5
2002-12-31 CVE-2002-1882 Authentication Bypassing vulnerability in Oracle E-Business Suite
Unknown vulnerability in AolSecurityPrivate.class in Oracle E-Business Suite 11i 11.1 through 11.6 allows remote attackers to bypass user authentication checks via unknown attack vectors.
network
low complexity
oracle
7.5
2002-12-31 CVE-2002-1809 Unspecified vulnerability in Oracle MySQL
The default configuration of the Windows binary release of MySQL 3.23.2 through 3.23.52 has a NULL root password, which could allow remote attackers to gain unauthorized root access to the MySQL database.
network
low complexity
oracle
7.5