CVSS: 7.2EPSS: 0%CPEs: 70EXPL: 2CVE-2004-1707 – Oracle9i Database - Default Library Directory Privilege Escalation
https://notcve.org/view.php?id=CVE-2004-1707
The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0. • https://www.exploit-db.com/exploits/24335 http://marc.info/?l=bugtraq&m=109147677214087&w=2 http://secunia.com/advisories/12205 http://www.securityfocus.com/bid/10829 https://exchange.xforce.ibmcloud.com/vulnerabilities/16839 •
CVSS: 2.6EPSS: 1%CPEs: 15EXPL: 0CVE-2004-1877
https://notcve.org/view.php?id=CVE-2004-1877
The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and password. • http://marc.info/?l=bugtraq&m=108067040722235&w=2 http://www.securityfocus.com/bid/10009 https://exchange.xforce.ibmcloud.com/vulnerabilities/15676 •
CVSS: 4.6EPSS: 0%CPEs: 7EXPL: 3CVE-2004-2134 – OracleAS TopLink Mapping Workbench - Weak Encryption Algorithm
https://notcve.org/view.php?id=CVE-2004-2134
Oracle toplink mapping workBench uses a weak encryption algorithm for passwords, which allows local users to decrypt the passwords. • https://www.exploit-db.com/exploits/23611 http://marc.info/?l=bugtraq&m=107531028325112&w=2 http://www.planet-source-code.com/vb/scripts/ShowCode.asp?txtCodeId=803&lngWId=5 http://www.securityfocus.com/archive/1/352315/30/21430/threaded http://www.securityfocus.com/archive/82/351719 http://www.securityfocus.com/bid/9515 •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2003-1193
https://notcve.org/view.php?id=CVE-2003-1193
Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL. • http://otn.oracle.com/deploy/security/pdf/2003alert61.pdf http://www.securityfocus.com/archive/1/343520 http://www.securityfocus.com/bid/8966 https://exchange.xforce.ibmcloud.com/vulnerabilities/13593 •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2002-0842
https://notcve.org/view.php?id=CVE-2002-0842
Format string vulnerability in certain third party modifications to mod_dav for logging bad gateway messages (e.g. Oracle9i Application Server 9.0.2) allows remote attackers to execute arbitrary code via a destination URI that forces a "502 Bad Gateway" response, which causes the format string specifiers to be returned from dav_lookup_uri() in mod_dav.c, which is then used in a call to ap_log_rerror(). Vulnerabilidad de cadena de formato en ciertas modificaciones de terceros a mod_dav para el registro de mesajes de pasarela erroneos (por ejemplo Oracle 9i Application Server 9.0.2) permite a atacantes remotos ejecutar código arbitrario mediante una URI de destino que fuerza una respuesta "502 Bad Gateway", lo que causa que los especificadores de cadena de formato sean devueltos de dav_lookup_uri() en mod_dav.c, que es entonces usado para llamar a ap_log_error(). • http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0076.html http://marc.info/?l=bugtraq&m=104549708626309&w=2 http://marc.info/?l=bugtraq&m=104559446010858&w=2 http://marc.info/?l=bugtraq&m=104560577227981&w=2 http://otn.oracle.com/deploy/security/pdf/2003alert52.pdf http://www.cert.org/advisories/CA-2003-05.html http://www.ciac.org/ciac/bulletins/n-046.shtml http://www.iss.net/security_center/static/11330.php http://www.kb.cert.org/vuls/id/8499 •