CVE-2004-1339
https://notcve.org/view.php?id=CVE-2004-1339
SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1 and (2) MDSYS.SDO_LRS_TRIG_INS default triggers in Oracle 9i and 10g allows remote attackers to execute arbitrary SQL commands via the new.table_name or new.column_name parameters. • http://marc.info/?l=bugtraq&m=110382230614420&w=2 http://www.ngssoftware.com/advisories/oracle23122004I.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/18655 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2003-1208
https://notcve.org/view.php?id=CVE-2003-1208
Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow local users to execute arbitrary code by (1) setting the TIME_ZONE session parameter to a long value, or providing long parameters to the (2) NUMTOYMINTERVAL, (3) NUMTODSINTERVAL or (4) FROM_TZ functions. • http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0030.html http://secunia.com/advisories/10805 http://www.ciac.org/ciac/bulletins/o-093.shtml http://www.kb.cert.org/vuls/id/240174 http://www.kb.cert.org/vuls/id/399806 http://www.kb.cert.org/vuls/id/819126 http://www.kb.cert.org/vuls/id/846582 http://www.nextgenss.com/advisories/ora_from_tz.txt http://www.nextgenss.com/advisories/ora_numtodsinterval.txt http://www.nextgenss.com/advisories/ora_num •
CVE-2004-1365
https://notcve.org/view.php?id=CVE-2004-1365
Extproc in Oracle 9i and 10g does not require authentication to load a library or execute a function, which allows local users to execute arbitrary commands as the Oracle user. • http://marc.info/?l=bugtraq&m=110382471608835&w=2 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1 http://www.kb.cert.org/vuls/id/316206 http://www.ngssoftware.com/advisories/oracle23122004C.txt http://www.securityfocus.com/bid/10871 http://www.us-cert.gov/cas/techalerts/TA04-245A.html https://exchange.xforce.ibmcloud.com/vulnerabilities/18662 •
CVE-2004-1362
https://notcve.org/view.php?id=CVE-2004-1362
The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform character conversions properly, which allows remote attackers to bypass access restrictions for certain procedures via an encoded URL with "%FF" encoded sequences that are improperly converted to "Y" characters. • http://marc.info/?l=bugtraq&m=110382306006205&w=2 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1 http://www.kb.cert.org/vuls/id/435974 http://www.ngssoftware.com/advisories/oracle23122004G.txt http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf http://www.securityfocus.com/bid/10871 http://www.us-cert.gov/cas/techalerts/TA04-245A.html https://exchange.xforce.ibmcloud.com/vulnerabilities/18657 •
CVE-2004-1364 – Oracle 9i/10g - 'extproc' Local/Remote Command Execution
https://notcve.org/view.php?id=CVE-2004-1364
Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\bin directory. • https://www.exploit-db.com/exploits/2951 https://www.exploit-db.com/exploits/24353 http://marc.info/?l=bugtraq&m=110382406002365&w=2 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1 http://www.0xdeadbeef.info/exploits/raptor_oraextproc.sql http://www.kb.cert.org/vuls/id/316206 http://www.ngssoftware.com/advisories/oracle23122004B.txt http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf http://www.securityfocus.com/archive/1/454861/100/0/ • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •