Page 2 of 11 results (0.004 seconds)

CVSS: 5.0EPSS: 85%CPEs: 9EXPL: 0

PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to obtain sensitive information via the OWA_UTIL stored procedures (1) OWA_UTIL.signature, (2) OWA_UTIL.listprint, or (3) OWA_UTIL.show_query_columns. • http://marc.info/?l=bugtraq&m=101301813117562&w=2 http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf http://www.cert.org/advisories/CA-2002-08.html http://www.kb.cert.org/vuls/id/307835 http://www.nextgenss.com/papers/hpoas.pdf http://www.securityfocus.com/bid/4294 •

CVSS: 5.0EPSS: 78%CPEs: 7EXPL: 0

The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa. • http://marc.info/?l=bugtraq&m=101301440005580&w=2 http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf http://www.cert.org/advisories/CA-2002-08.html http://www.kb.cert.org/vuls/id/698467 http://www.securityfocus.com/bid/4034 •

CVSS: 7.5EPSS: 85%CPEs: 9EXPL: 0

The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and modify DAD settings. • http://marc.info/?l=bugtraq&m=101301813117562&w=2 http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf http://www.cert.org/advisories/CA-2002-08.html http://www.kb.cert.org/vuls/id/611776 http://www.nextgenss.com/papers/hpoas.pdf http://www.securityfocus.com/bid/4292 •

CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0

Multiple buffer overflows in Oracle Web Cache for Oracle 9i Application Server (9iAS) allow remote attackers to execute arbitrary code via unknown vectors. • http://www.kb.cert.org/vuls/id/291555 http://www.nextgenss.com/vna/ora-webcache.txt http://www.securityfocus.com/bid/4856 •

CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 0

An installer program for Oracle9iAS Web Cache 2.0.0.x creates executable and configuration files with insecure permissions, which allows local users to gain privileges by (1) running webcached or (2) obtaining the administrator password from webcache.xml. El programa de instalación para el Oracle9i Web cache 2.0.0.x crea ejecutables y archivos de configuración con permisos inseguros, que permiten a usuarios locales asignarse privilegios: (1) ejecutar webcache y (2) obtener la contraseña de administrador de webcache.xml. • http://marc.info/?l=bugtraq&m=101041510727937&w=2 http://otn.oracle.com/deploy/security/pdf/webcache2.pdf http://www.iss.net/security_center/static/7766.php http://www.iss.net/security_center/static/7768.php http://www.securityfocus.com/bid/3761 http://www.securityfocus.com/bid/3764 •