Vulnerabilities > Oracle > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2003-11-03 | CVE-2003-1193 | SQL Injection vulnerability in Oracle9iAS Portal Component Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL. | 7.5 |
| 2003-08-27 | CVE-2003-0634 | Buffer Overflow vulnerability in Oracle Database Server EXTPROC Stack-based buffer overflow in the PL/SQL EXTPROC functionality for Oracle9i Database Release 2 and 1, and Oracle 8i, allows authenticated database users, and arbitrary database users in some cases, to execute arbitrary code via a long library name. | 7.5 |
| 2003-08-27 | CVE-2003-0632 | Remote Security vulnerability in Oracle Applications and E-Business Suite Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) CGI program (FNDWRR.exe) of Oracle E-Business Suite 11.0 and 11.5.1 through 11.5.8 may allow remote attackers to execute arbitrary code via a long URL. | 7.5 |
| 2003-03-03 | CVE-2002-0842 | Unspecified vulnerability in Oracle Application Server 9.0.2 Format string vulnerability in certain third party modifications to mod_dav for logging bad gateway messages (e.g. | 7.5 |
| 2002-12-31 | CVE-2002-2345 | Credentials Management vulnerability in Oracle Application Server 9.0.2 Oracle 9i Application Server 9.0.2 stores the web cache administrator interface password in plaintext, which allows remote attackers to gain access. | 7.5 |
| 2002-12-31 | CVE-2002-2153 | Unspecified vulnerability in Oracle Application Server 4.0.8/4.0.8.2 Format string vulnerability in the administrative pages of the PL/SQL module for Oracle Application Server 4.0.8 and 4.0.8 2 allows remote attackers to execute arbitrary code. | 7.5 |
| 2002-12-31 | CVE-2002-1923 | Unspecified vulnerability in Oracle Mysql The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection. | 7.5 |
| 2002-12-31 | CVE-2002-1921 | Unspecified vulnerability in Oracle Mysql The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does set the bind address to the loopback interface, which allows remote attackers to connect to the database. | 7.5 |
| 2002-12-31 | CVE-2002-1882 | Authentication Bypassing vulnerability in Oracle E-Business Suite Unknown vulnerability in AolSecurityPrivate.class in Oracle E-Business Suite 11i 11.1 through 11.6 allows remote attackers to bypass user authentication checks via unknown attack vectors. | 7.5 |
| 2002-12-31 | CVE-2002-1809 | Unspecified vulnerability in Oracle Mysql The default configuration of the Windows binary release of MySQL 3.23.2 through 3.23.52 has a NULL root password, which could allow remote attackers to gain unauthorized root access to the MySQL database. | 7.5 |