CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2005-0298
https://notcve.org/view.php?id=CVE-2005-0298
10 Feb 2005 — The DIRECTORY objects in Oracle 8i through Oracle 10g contain the location of a specific operating system directory, which allows users with read privileges to a DIRECTORY object to obtain sensitive information. • http://marc.info/?l=bugtraq&m=110608912525883&w=2 •
CVSS: 9.8EPSS: 27%CPEs: 33EXPL: 0CVE-2004-1363
https://notcve.org/view.php?id=CVE-2004-1363
04 Aug 2004 — Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed. • http://marc.info/?l=bugtraq&m=110382345829397&w=2 • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 9.8EPSS: 30%CPEs: 31EXPL: 0CVE-2003-0222
https://notcve.org/view.php?id=CVE-2003-0222
30 Apr 2003 — Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a "CREATE DATABASE LINK" query containing a connect string with a long USING parameter. Desbordamiento de búfer basado en la pila en Oracle Net Sevices de Oracle Database Server 9i release 2 y anteriores permite a atacantes ejecutar código arbitrario mediante una consulta "CREATE DATABASE LINK" conteniendo una cadena de conexión con un parámetro USING largo. • http://marc.info/?l=bugtraq&m=105162831008176&w=2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 43%CPEs: 10EXPL: 0CVE-2003-0095
https://notcve.org/view.php?id=CVE-2003-0095
03 Mar 2003 — Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applications that perform their own authentication, as demonstrated using LOADPSP. • http://marc.info/?l=bugtraq&m=104549693426042&w=2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 46%CPEs: 10EXPL: 0CVE-2003-0096
https://notcve.org/view.php?id=CVE-2003-0096
21 Feb 2003 — Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3) a long DIRECTORY parameter to the BFILENAME function. • http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0073.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 92%CPEs: 47EXPL: 1CVE-2002-0840 – Apache 1.3/2.0.x - Server Side Include Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-0840
11 Oct 2002 — Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157. Vulnerabilidad de comandos en sitios cruzados (cross-site scripting, XSS) en la página de error por defecto en Apache 2.0 antes de 2.0.43, y en 1.3.x hasta 1.3.26, cuando el parámetro... • https://www.exploit-db.com/exploits/21885 •
CVSS: 9.8EPSS: 3%CPEs: 30EXPL: 0CVE-2002-0843
https://notcve.org/view.php?id=CVE-2002-0843
05 Oct 2002 — Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response. Desbordamientos de búfer en el programa de soporte ApacheBench (ab.c) en Apache anteriores a 1.3.27, y Apache 2.x anteriores a 2.0.43, permite a un servidor web malicioso causar una denegación de servicio y posiblemente ejecutar código arbitrario mediante una respuesta lar... • ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2002-0856
https://notcve.org/view.php?id=CVE-2002-0856
05 Sep 2002 — SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote attackers to cause a denial of service (crash) via certain debug requests that are not properly handled by the debugging feature. El servidor SQL*NET para Oracle 9i 9.0.x y 9.2 permite a atacantes remotos causar una denegación de sevicio (caída) mediante ciertas peticiones de depuración que no son adecuadamente manejadas por la característica de depuración • http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0072.html •