Vulnerabilities > Oracle > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2002-12-31 | CVE-2002-2347 | Cross-Site Scripting vulnerability in Oracle Application Server Cross-site scripting (XSS) vulnerability in Oracle Java Server Page (OJSP) demo files (1) hellouser.jsp, (2) welcomeuser.jsp and (3) usebean.jsp in Oracle 9i Application Server 9.0.2, 1.0.2.2, 1.0.2.1s and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the text entry field. | 4.3 |
| 2002-12-31 | CVE-2002-1858 | Unspecified vulnerability in Oracle Application Server Oracle Oracle9i Application Server 1.0.2.2 and 9.0.2 through 9.0.2.0.1, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF."). | 5.0 |
| 2002-12-31 | CVE-2002-1666 | Unspecified vulnerability in Oracle E-Business Suite Unknown vulnerability in Oracle E-Business Suite 11i.1 through 11i.6 allows remote attackers to execute unauthorized PL/SQL procedures by modifying the Oracle Applications URL. | 5.0 |
| 2002-12-31 | CVE-2002-1636 | Cross-Site Scripting vulnerability in Oracle Application Server 1.0.2 Cross-site scripting (XSS) vulnerability in the htp PL/SQL package for Oracle 9i Application Server (9iAS) allows remote attackers to inject arbitrary web script or HTML via the cbuf parameter to htp.print. network oracle | 4.3 |
| 2002-12-31 | CVE-2002-1635 | Unspecified vulnerability in Oracle Application Server The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin. | 5.0 |
| 2002-12-31 | CVE-2002-1632 | Information Disclosure vulnerability in Oracle 9i Application Server Sample Scripts Oracle 9i Application Server (9iAS) installs multiple sample pages that allow remote attackers to obtain environment variables and other sensitive information via (1) info.jsp, (2) printenv, (3) echo, or (4) echo2. | 6.4 |
| 2002-12-23 | CVE-2002-1373 | Unspecified vulnerability in Oracle Mysql Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative integers to be provided to a memcpy call. | 5.0 |
| 2002-11-04 | CVE-2002-0386 | Denial Of Service vulnerability in Oracle Application Server 9.0.2 The administration module for Oracle Web Cache in Oracle9iAS (9i Application Suite) 9.0.2 allows remote attackers to cause a denial of service (crash) via (1) an HTTP GET request containing a ".." (dot dot) sequence, or (2) a malformed HTTP GET request with a chunked Transfer-Encoding with missing data. | 5.0 |
| 2002-10-28 | CVE-2002-1118 | Remote Denial Of Service vulnerability in Oracle TNS Listener Service_CurLoad TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and Oracle 8i 8.1.x, allows remote attackers to cause a denial of service (hang or crash) via a SERVICE_CURLOAD command. | 5.0 |
| 2002-10-04 | CVE-2002-1089 | Information Disclosure vulnerability in Oracle Application Server and Reports rwcgi60 CGI program in Oracle Reports Server, by design, provides sensitive information such as the full pathname, which could enable remote attackers to use the information in additional attacks. | 5.0 |