CVSS: 8.5EPSS: 15%CPEs: 87EXPL: 2CVE-2004-1364 – Oracle 9i/10g - 'extproc' Local/Remote Command Execution
https://notcve.org/view.php?id=CVE-2004-1364
04 Aug 2004 — Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\bin directory. • https://www.exploit-db.com/exploits/2951 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 87EXPL: 0CVE-2004-1365
https://notcve.org/view.php?id=CVE-2004-1365
04 Aug 2004 — Extproc in Oracle 9i and 10g does not require authentication to load a library or execute a function, which allows local users to execute arbitrary commands as the Oracle user. • http://marc.info/?l=bugtraq&m=110382471608835&w=2 •
CVSS: 7.8EPSS: 0%CPEs: 87EXPL: 1CVE-2004-1366
https://notcve.org/view.php?id=CVE-2004-1366
04 Aug 2004 — Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges. • http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1 • CWE-255: Credentials Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 87EXPL: 0CVE-2004-1367
https://notcve.org/view.php?id=CVE-2004-1367
04 Aug 2004 — Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SYS or SYSTEM accounts, which may have been installed with the same password. • http://marc.info/?l=bugtraq&m=110382247308064&w=2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 5%CPEs: 87EXPL: 0CVE-2004-1368
https://notcve.org/view.php?id=CVE-2004-1368
04 Aug 2004 — ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script. • http://marc.info/?l=bugtraq&m=110382264415387&w=2 •
CVSS: 7.5EPSS: 3%CPEs: 87EXPL: 0CVE-2004-1369
https://notcve.org/view.php?id=CVE-2004-1369
04 Aug 2004 — The TNS Listener in Oracle 10g allows remote attackers to cause a denial of service (listener crash) via a malformed service_register_NSGR request containing a value that is used as an invalid offset for a pointer that references incorrect memory. • http://marc.info/?l=bugtraq&m=110382524401468&w=2 •
CVSS: 9.8EPSS: 1%CPEs: 87EXPL: 0CVE-2004-1370
https://notcve.org/view.php?id=CVE-2004-1370
04 Aug 2004 — Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to execute arbitrary SQL commands and gain privileges via (1) DBMS_EXPORT_EXTENSION, (2) WK_ACL.GET_ACL, (3) WK_ACL.STORE_ACL, (4) WK_ADM.COMPLETE_ACL_SNAPSHOT, (5) WK_ACL.DELETE_ACLS_WITH_STATEMENT, or (6) DRILOAD.VALIDATE_STMT. • http://marc.info/?l=bugtraq&m=110382596129607&w=2 •
CVSS: 9.8EPSS: 32%CPEs: 88EXPL: 0CVE-2004-1371
https://notcve.org/view.php?id=CVE-2004-1371
04 Aug 2004 — Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure. • http://marc.info/?l=bugtraq&m=110382570313035&w=2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 20%CPEs: 70EXPL: 2CVE-2004-1707 – Oracle9i Database - Default Library Directory Privilege Escalation
https://notcve.org/view.php?id=CVE-2004-1707
30 Jul 2004 — The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0. • https://www.exploit-db.com/exploits/24335 •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2003-0894
https://notcve.org/view.php?id=CVE-2003-0894
25 Oct 2003 — Buffer overflow in the (1) oracle and (2) oracleO programs in Oracle 9i Database 9.0.x and 9.2.x before 9.2.0.4 allows local users to execute arbitrary code via a long command line argument. Desbordamiento de búfer en oracle y oracleO en Oracle 9i Database 9.0.x y 9.2.x anteriores a 9.2.0.4 permite a usuarios locales ejecutar código arbitrario mediante un argumento de línea de comandos muy grande. • http://otn.oracle.com/deploy/security/pdf/2003alert59.pdf •