Filtered by vendor Oracle
Subscribe
Total
10321 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-0591 | 1 Oracle | 2 Application Server, Jsp | 2025-04-03 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in Oracle JSP 1.0.x through 1.1.1 and Oracle 8.1.7 iAS Release 1.0.2 can allow a remote attacker to read or execute arbitrary .jsp files via a '..' (dot dot) attack. | |||||
| CVE-2006-1883 | 1 Oracle | 1 E-business Suite | 2025-04-03 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite and Applications 11.5.10CU1 has unknown impact and attack vectors, aka Vuln# APPS05. | |||||
| CVE-2000-0818 | 1 Oracle | 1 Listener | 2025-04-03 | 10.0 HIGH | N/A |
| The default installation for the Oracle listener program 7.3.4, 8.0.6, and 8.1.6 allows an attacker to cause logging information to be appended to arbitrary files and execute commands via the SET TRC_FILE or SET LOG_FILE commands. | |||||
| CVE-2005-2573 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-03 | 5.0 MEDIUM | N/A |
| The mysql_create_function function in sql_udf.cc for MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta, when running on Windows, uses an incomplete blacklist in a directory traversal check, which allows attackers to include arbitrary files via the backslash (\) character. | |||||
| CVE-2006-3081 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-03 | 4.0 MEDIUM | N/A |
| mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.1.6 allows remote authorized users to cause a denial of service (crash) via a NULL second argument to the str_to_date function. | |||||
| CVE-2005-3456 | 1 Oracle | 1 E-business Suite | 2025-04-03 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5 up to 11.5.9 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) APPS04 in Application Object Library, and (2) APPS17, (3) APPS18, and (4) APPS21 in Workflow Cartridge. | |||||
| CVE-2000-1235 | 1 Oracle | 1 Application Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| The default configurations of (1) the port listener and (2) modplsql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allow remote attackers to view privileged database information via HTTP requests for Database Access Descriptor (DAD) files. | |||||
| CVE-2005-1496 | 1 Oracle | 2 Application Server, Oracle10g | 2025-04-03 | 4.6 MEDIUM | N/A |
| The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE JOB privileges to gain additional privileges by changing SESSION_USER to the SYS user. | |||||
| CVE-2006-0280 | 1 Oracle | 1 Peoplesoft Enterprise Portal | 2025-04-03 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle PeopleSoft Enterprise Portal 8.4 Bundle 15, 8.8 Bundle 10, and 8.9 Bundle 2 has unspecified impact and attack vectors, as identified by Oracle Vuln# PSE01. | |||||
| CVE-2006-1358 | 1 Oracle | 1 Weblogic Portal | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes a JSR-168 Portlet to be retrieved from the cache for the wrong session, which might allow one user to see a Portlet of another user. | |||||
| CVE-2006-3699 | 1 Oracle | 1 Database Server | 2025-04-03 | 9.0 HIGH | N/A |
| Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5 and 9.2.0.6 has unknown impact and attack vectors, aka Oracle Vuln# DB02. | |||||
| CVE-2001-0499 | 1 Oracle | 1 Oracle8i | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in Transparent Network Substrate (TNS) Listener in Oracle 8i 8.1.7 and earlier allows remote attackers to gain privileges via a long argument to the commands (1) STATUS, (2) PING, (3) SERVICES, (4) TRC_FILE, (5) SAVE_CONFIG, or (6) RELOAD. | |||||
| CVE-2003-1183 | 1 Oracle | 1 Oracle Files | 2025-04-03 | 4.6 MEDIUM | N/A |
| The WebCache component in Oracle Files 9.0.3.1.0, 9.0.3.2.0, and 9.0.3.3.0 of Oracle Collaboration Suite Release 1 caches files despite the cacheability rules imposed by Oracle Files, which allows local users to gain access. | |||||
| CVE-2003-0222 | 1 Oracle | 3 Database Server, Oracle8i, Oracle9i | 2025-04-03 | 9.0 HIGH | N/A |
| Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a "CREATE DATABASE LINK" query containing a connect string with a long USING parameter. | |||||
| CVE-2006-1035 | 1 Oracle | 2 Diagnostics, E-business Suite | 2025-04-03 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Oracle Diagnostics module 2.2 and earlier allows remote attackers to access diagnostics tests via unknown attack vectors. | |||||
| CVE-2002-0102 | 1 Oracle | 1 Application Server Web Cache | 2025-04-03 | 5.0 MEDIUM | N/A |
| Oracle9iAS Web Cache 2.0.0.x allows remote attackers to cause a denial of service via (1) a request to TCP ports 1100, 4000, 4001, and 4002 with a large number of null characters, and (2) a request to TCP port 4000 with a large number of "." characters. | |||||
| CVE-2005-3447 | 1 Oracle | 2 Application Server, Database Server | 2025-04-03 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Single Sign-On in Oracle Database Server 10g up to 10.1.0.4.2 and Application Server 9.0.2.3 up to 9.0.4.2 has unknown impact and attack vectors, aka Oracle Vuln# DB33 and AS08. | |||||
| CVE-2001-0941 | 1 Oracle | 1 Database Server | 2025-04-03 | 4.6 MEDIUM | N/A |
| Buffer overflow in dbsnmp in Oracle 8.0.6 through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment variable. | |||||
| CVE-2006-3708 | 1 Oracle | 1 Application Server | 2025-04-03 | 10.0 HIGH | N/A |
| Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3, 9.0.3.1, 9.0.4.2, 10.1.2.0.2, and 10.1.2.1 has unknown impact and attack vectors, aka Oracle Vuln# AS03. | |||||
| CVE-2002-2345 | 1 Oracle | 1 Application Server | 2025-04-03 | 7.5 HIGH | N/A |
| Oracle 9i Application Server 9.0.2 stores the web cache administrator interface password in plaintext, which allows remote attackers to gain access. | |||||