Vulnerabilities > Oracle > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2002-07-03 | CVE-2002-0560 | Unspecified vulnerability in Oracle products PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to obtain sensitive information via the OWA_UTIL stored procedures (1) OWA_UTIL.signature, (2) OWA_UTIL.listprint, or (3) OWA_UTIL.show_query_columns. | 5.0 |
| 2002-04-01 | CVE-2002-1640 | Unspecified vulnerability in Oracle Configurator Multiple cross-site scripting (XSS) vulnerabilities in Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote attackers to inject arbitrary web script or HTML via (1) Text Features in the DHTML UI or (2) the test parameter to the oracle.apps.cz.servlet.UiServlet servlet. network oracle | 6.8 |
| 2002-03-25 | CVE-2002-0103 | Privilege Escalation vulnerability in Oracle Application Server web Cache 2.0.0.0/2.0.0.1/2.0.0.2 An installer program for Oracle9iAS Web Cache 2.0.0.x creates executable and configuration files with insecure permissions, which allows local users to gain privileges by (1) running webcached or (2) obtaining the administrator password from webcache.xml. | 4.6 |
| 2002-03-25 | CVE-2002-0102 | Denial Of Service vulnerability in Oracle Application Server web Cache 2.0.0.0/2.0.0.1/2.0.0.2 Oracle9iAS Web Cache 2.0.0.x allows remote attackers to cause a denial of service via (1) a request to TCP ports 1100, 4000, 4001, and 4002 with a large number of null characters, and (2) a request to TCP port 4000 with a large number of "." characters. | 5.0 |
| 2002-02-26 | CVE-2002-1637 | Local Security vulnerability in Oracle 9i Application Server Multiple components in Oracle 9i Application Server (9iAS) are installed with over 160 default usernames and passwords, including (1) SYS, (2) SYSTEM, (3) AQJAVA, (4) OWA, (5) IMAGEUSER, (6) USER1, (7) USER2, (8) PLSQL, (9) DEMO, (10) FINANCE, and many others, which allows attackers to gain privileges. | 4.6 |
| 2002-02-06 | CVE-2001-1372 | Unspecified vulnerability in Oracle Application Server 1.0.2 Oracle 9i Application Server 1.0.2 allows remote attackers to obtain the physical path of a file under the server root via a request for a non-existent .JSP file, which leaks the pathname in an error message. | 5.0 |
| 2001-12-21 | CVE-2001-1217 | Directory Traversal vulnerability in Oracle Application Server 1.0.2 Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. | 5.0 |
| 2001-12-06 | CVE-2001-0831 | Unspecified vulnerability in Oracle Database Server 8.1.7/9.0.1 Unknown vulnerability in Oracle Label Security in Oracle 8.1.7 and 9.0.1, when audit functionality, SET_LABEL, or SQL*Predicate is being used, allows local users to gain additional access. | 4.6 |
| 2001-11-30 | CVE-2001-0941 | Unspecified vulnerability in Oracle Database Server Buffer overflow in dbsnmp in Oracle 8.0.6 through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment variable. | 4.6 |
| 2001-11-29 | CVE-2001-0942 | Unspecified vulnerability in Oracle Database Server 8.1.6/8.1.7 dbsnmp in Oracle 8.1.6 and 8.1.7 uses the ORACLE_HOME environment variable to find and execute the dbsnmp program, which allows local users to execute arbitrary programs by pointing the ORACLE_HOME to an alternate directory that contains a malicious version of dbsnmp. | 4.6 |