CVSS: 9.8EPSS: 0%CPEs: 101EXPL: 0CVE-2005-3641
https://notcve.org/view.php?id=CVE-2005-3641
16 Nov 2005 — Oracle Databases running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication by supplying a valid username. • http://www.ngssoftware.com/papers/database-on-xp.pdf •
CVSS: 10.0EPSS: 8%CPEs: 1EXPL: 1CVE-2005-3438
https://notcve.org/view.php?id=CVE-2005-3438
02 Nov 2005 — Multiple unspecified vulnerabilities in Oracle Database Server 9i up to 10.1.0.4.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB04 in Change Data Capture; (2) DB06 in Data Guard Logical Standby; (3) DB10 in Locale; (4) DB12 in Materialized Views; (5) DB13 in Objects Extension; (6) DB15 in Oracle Label Security; (7) DB27 in Security, possibly due to a buffer overflow in sys.pbsde.init; and (8) DB28 and (9) DB29 in Workspace Manager. • http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038061.html •
CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2005-0298
https://notcve.org/view.php?id=CVE-2005-0298
10 Feb 2005 — The DIRECTORY objects in Oracle 8i through Oracle 10g contain the location of a specific operating system directory, which allows users with read privileges to a DIRECTORY object to obtain sensitive information. • http://marc.info/?l=bugtraq&m=110608912525883&w=2 •
CVSS: 9.8EPSS: 30%CPEs: 31EXPL: 0CVE-2003-0222
https://notcve.org/view.php?id=CVE-2003-0222
30 Apr 2003 — Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a "CREATE DATABASE LINK" query containing a connect string with a long USING parameter. Desbordamiento de búfer basado en la pila en Oracle Net Sevices de Oracle Database Server 9i release 2 y anteriores permite a atacantes ejecutar código arbitrario mediante una consulta "CREATE DATABASE LINK" conteniendo una cadena de conexión con un parámetro USING largo. • http://marc.info/?l=bugtraq&m=105162831008176&w=2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 43%CPEs: 10EXPL: 0CVE-2003-0095
https://notcve.org/view.php?id=CVE-2003-0095
03 Mar 2003 — Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applications that perform their own authentication, as demonstrated using LOADPSP. • http://marc.info/?l=bugtraq&m=104549693426042&w=2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 46%CPEs: 10EXPL: 0CVE-2003-0096
https://notcve.org/view.php?id=CVE-2003-0096
21 Feb 2003 — Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3) a long DIRECTORY parameter to the BFILENAME function. • http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0073.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 2%CPEs: 4EXPL: 0CVE-2002-0857
https://notcve.org/view.php?id=CVE-2002-0857
20 Aug 2002 — Format string vulnerabilities in Oracle Listener Control utility (lsnrctl) for Oracle 9.2 and 9.0, 8.1, and 7.3.4, allow remote attackers to execute arbitrary code on the Oracle DBA system by placing format strings into certain entries in the listener.ora configuration file. Vulnerabilidad de formato de cadenas en la utilidad Oracle Listener Control (lsnrctl) en Oracle 9.2, 9.0, 8.1 y 7.3.4 permite a atacantes remotos ejecutar código arbitrario el sitstema Oracle DBA mediante la introducción de cadenas de f... • http://marc.info/?l=bugtraq&m=102933735716634&w=2 •
CVSS: 9.8EPSS: 1%CPEs: 27EXPL: 0CVE-2002-0567
https://notcve.org/view.php?id=CVE-2002-0567
03 Jul 2002 — Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass authentication and execute arbitrary functions by using the TNS Listener to directly connect to the EXTPROC process. • http://marc.info/?l=bugtraq&m=101301332402079&w=2 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2001-0833 – Oracle OTRCREP Oracle 8/9 - Home Environment Variable Buffer Overflow
https://notcve.org/view.php?id=CVE-2001-0833
06 Dec 2001 — Buffer overflow in otrcrep in Oracle 8.0.x through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment variable, aka the "Oracle Trace Collection Security Vulnerability." • https://www.exploit-db.com/exploits/21045 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2001-0941 – Oracle 8/9i - DBSNMP Oracle Home Environment Variable Buffer Overflow
https://notcve.org/view.php?id=CVE-2001-0941
30 Nov 2001 — Buffer overflow in dbsnmp in Oracle 8.0.6 through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment variable. • https://www.exploit-db.com/exploits/21044 •