Page 2 of 11 results (0.003 seconds)

CVSS: 9.0EPSS: 30%CPEs: 31EXPL: 0

CVE-2003-0222

https://notcve.org/view.php?id=CVE-2003-0222

Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a "CREATE DATABASE LINK" query containing a connect string with a long USING parameter. Desbordamiento de búfer basado en la pila en Oracle Net Sevices de Oracle Database Server 9i release 2 y anteriores permite a atacantes ejecutar código arbitrario mediante una consulta "CREATE DATABASE LINK" conteniendo una cadena de conexión con un parámetro USING largo. • http://marc.info/?l=bugtraq&m=105162831008176&w=2 http://marc.info/?l=ntbugtraq&m=105163376015735&w=2 http://otn.oracle.com/deploy/security/pdf/2003alert54.pdf http://www.ciac.org/ciac/bulletins/n-085.shtml http://www.securityfocus.com/bid/7453 https://exchange.xforce.ibmcloud.com/vulnerabilities/11885 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.8EPSS: 97%CPEs: 47EXPL: 1

CVE-2002-0840 – Apache 1.3/2.0.x - Server Side Include Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2002-0840

Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157. Vulnerabilidad de comandos en sitios cruzados (cross-site scripting, XSS) en la página de error por defecto en Apache 2.0 antes de 2.0.43, y en 1.3.x hasta 1.3.26, cuando el parámetro UseCanonicalName está desactivado, y está presente el soporte para comodines DNS, permite a atacantes ejecutar comandos como otro visitante de la página mediante la cabecera Host: • https://www.exploit-db.com/exploits/21885 ftp://patches.sgi.com/support/free/security/advisories/20021105-02-I http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0003.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530 http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2 http://marc.info/?l=bugtraq&m=103357160425708&w=2 http://marc.info/?l=bugtraq&m=103376585508776&w=2 http •

CVSS: 7.5EPSS: 3%CPEs: 27EXPL: 0

CVE-2002-0567

https://notcve.org/view.php?id=CVE-2002-0567

Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass authentication and execute arbitrary functions by using the TNS Listener to directly connect to the EXTPROC process. • http://marc.info/?l=bugtraq&m=101301332402079&w=2 http://otn.oracle.com/deploy/security/pdf/plsextproc_alert.pdf http://www.cert.org/advisories/CA-2002-08.html http://www.kb.cert.org/vuls/id/180147 http://www.securityfocus.com/bid/4033 https://exchange.xforce.ibmcloud.com/vulnerabilities/8089 •

CVSS: 5.0EPSS: 1%CPEs: 9EXPL: 0

CVE-2002-0566

https://notcve.org/view.php?id=CVE-2002-0566

PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to cause a denial of service (crash) via an HTTP Authorization header without an authentication type. • http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf http://www.cert.org/advisories/CA-2002-08.html http://www.kb.cert.org/vuls/id/805915 http://www.securityfocus.com/bid/4037 https://exchange.xforce.ibmcloud.com/vulnerabilities/8099 •

CVSS: 5.0EPSS: 93%CPEs: 9EXPL: 0

CVE-2002-0563

https://notcve.org/view.php?id=CVE-2002-0563

The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to access sensitive services without authentication, including Dynamic Monitoring Services (1) dms0, (2) dms/DMSDump, (3) servlet/DMSDump, (4) servlet/Spy, (5) soap/servlet/Spy, and (6) dms/AggreSpy; and Oracle Java Process Manager (7) oprocmgr-status and (8) oprocmgr-service, which can be used to control Java processes. • http://marc.info/?l=bugtraq&m=101301813117562&w=2 http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf http://securitytracker.com/id?1009167 http://www.appsecinc.com/Policy/PolicyCheck7024.html http://www.cert.org/advisories/CA-2002-08.html http://www.kb.cert.org/vuls/id/168795 http://www.nextgenss.com/papers/hpoas.pdf http://www.osvdb.org/13152 http://www.osvdb.org/705 http://www.securityfocus.com/bid/4293 https://exchange.xforce.ibmcloud.com • CWE-287: Improper Authentication •