Vulnerabilities > Oracle > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2002-03-25 | CVE-2002-0102 | Denial Of Service vulnerability in Oracle Application Server web Cache 2.0.0.0/2.0.0.1/2.0.0.2 Oracle9iAS Web Cache 2.0.0.x allows remote attackers to cause a denial of service via (1) a request to TCP ports 1100, 4000, 4001, and 4002 with a large number of null characters, and (2) a request to TCP port 4000 with a large number of "." characters. | 5.0 |
| 2002-02-26 | CVE-2002-1637 | Local Security vulnerability in Oracle 9i Application Server Multiple components in Oracle 9i Application Server (9iAS) are installed with over 160 default usernames and passwords, including (1) SYS, (2) SYSTEM, (3) AQJAVA, (4) OWA, (5) IMAGEUSER, (6) USER1, (7) USER2, (8) PLSQL, (9) DEMO, (10) FINANCE, and many others, which allows attackers to gain privileges. | 4.6 |
| 2002-02-06 | CVE-2001-1372 | Unspecified vulnerability in Oracle Application Server 1.0.2 Oracle 9i Application Server 1.0.2 allows remote attackers to obtain the physical path of a file under the server root via a request for a non-existent .JSP file, which leaks the pathname in an error message. | 5.0 |
| 2001-12-21 | CVE-2001-1217 | Directory Traversal vulnerability in Oracle Application Server 1.0.2 Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. | 5.0 |
| 2001-12-06 | CVE-2001-0831 | Unspecified vulnerability in Oracle Database Server 8.1.7/9.0.1 Unknown vulnerability in Oracle Label Security in Oracle 8.1.7 and 9.0.1, when audit functionality, SET_LABEL, or SQL*Predicate is being used, allows local users to gain additional access. | 4.6 |
| 2001-11-30 | CVE-2001-0941 | Unspecified vulnerability in Oracle Database Server Buffer overflow in dbsnmp in Oracle 8.0.6 through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment variable. | 4.6 |
| 2001-11-29 | CVE-2001-0942 | Unspecified vulnerability in Oracle Database Server 8.1.6/8.1.7 dbsnmp in Oracle 8.1.6 and 8.1.7 uses the ORACLE_HOME environment variable to find and execute the dbsnmp program, which allows local users to execute arbitrary programs by pointing the ORACLE_HOME to an alternate directory that contains a malicious version of dbsnmp. | 4.6 |
| 2001-10-02 | CVE-2001-1255 | WinMySQLadmin 1.1 stores the MySQL password in plain text in the my.ini file, which allows local users to obtain unathorized access the MySQL database. | 4.6 |
| 2001-07-21 | CVE-2001-0518 | Unspecified vulnerability in Oracle Oracle9I Oracle listener before Oracle 9i allows attackers to cause a denial of service by repeatedly sending the first portion of a fragmented Oracle command without sending the remainder of the command, which causes the listener to hang. | 5.0 |
| 2001-07-21 | CVE-2001-0517 | Unspecified vulnerability in Oracle Oracle8I 8.1.6/8.1.7 Oracle listener in Oracle 8i on Solaris allows remote attackers to cause a denial of service via a malformed connection packet with a maximum transport data size that is set to 0. | 5.0 |