Vulnerabilities > Oracle > Medium

| Date | CVE | Vulnerability title | Description | Access | Complexity | Tags | Risk |
|---|---|---|---|---|---|---|---|
| 2004-08-04 | CVE-2004-1365 | Multiple Unspecified vulnerability in Oracle | Extproc in Oracle 9i and 10g does not require authentication to load a library or execute a function, which allows local users to execute arbitrary commands as the Oracle user. | local | low complexity | oracle | 4.6 |
| 2004-01-28 | CVE-2004-2134 | Unspecified vulnerability in Oracle Application Server | Oracle TopLink Mapping Workbench uses a weak encryption algorithm for passwords, which allows local users to decrypt the passwords. | local | low complexity | oracle | 4.6 |
| 2003-12-31 | CVE-2003-1480 | Cryptographic Issues vulnerability in multiple products | MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, which makes it easier for attackers to decrypt the password via brute force methods. | network | | mysql oracle CWE-310 | 4.3 |
| 2003-12-31 | CVE-2003-1331 | Buffer Overrun vulnerability in MySQL libmysqlclient Library mysql_real_connect() | Stack-based buffer overflow in the mysql_real_connect function in the MySQL client library (libmysqlclient) 4.0.13 and earlier allows local users to execute arbitrary code via a long socket name, a different vulnerability than CVE-2001-1453. | network | high complexity | oracle | 4.0 |
| 2003-12-31 | CVE-2003-1116 | Unspecified vulnerability in Oracle E-Business Suite | The communications protocol for the Report Review Agent (RRA), aka FND File Server (FNDFS) program, in Oracle E-Business Suite 10.7, 11.0, and 11.5.1 to 11.5.8 allows remote attackers to bypass authentication and obtain sensitive information from the Oracle Applications Concurrent Manager by spoofing requests to the TNS Listener. | network | low complexity | oracle | 5.0 |
| 2003-11-17 | CVE-2003-0894 | Local Buffer Overflow vulnerability in Oracle Database Server Oracle Binary | Buffer overflow in the (1) oracle and (2) oracleO programs in Oracle 9i Database 9.0.x and 9.2.x before 9.2.0.4 allows local users to execute arbitrary code via a long command line argument. | local | low complexity | oracle | 4.6 |
| 2003-11-17 | CVE-2003-0841 | Remote Security vulnerability in Oracle PeopleTools 8.42 | The grid option in PeopleSoft 8.42 stores temporary .xls files in guessable directories under the web document root, which allows remote attackers to steal search results by directly accessing the files via a URL request. | network | low complexity | oracle | 5.0 |
| 2003-10-28 | CVE-2003-1183 | Unspecified vulnerability in Oracle Files 9.0.3.1.0/9.0.3.2.0/9.0.3.3.0 | The WebCache component in Oracle Files 9.0.3.1.0, 9.0.3.2.0, and 9.0.3.3.0 of Oracle Collaboration Suite Release 1 caches files despite the cacheability rules imposed by Oracle Files, which allows local users to gain access. | local | low complexity | oracle | 4.6 |
| 2003-08-27 | CVE-2003-0633 | Information Disclosure vulnerability in Oracle Applications and E-Business Suite | Multiple vulnerabilities in aoljtest.jsp of Oracle Applications AOL/J Setup Test Suite in Oracle E-Business Suite 11.5.1 through 11.5.8 allow a remote attacker to obtain sensitive information without authentication, such as the GUEST user password and the application server security key. | network | low complexity | oracle | 5.0 |
| 2003-02-19 | CVE-2003-0073 | Unspecified vulnerability in Oracle MySQL | Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user. | network | low complexity | oracle | 5.0 |