Page 3 of 33 results (0.004 seconds)

CVSS: 9.0EPSS: 83%CPEs: 88EXPL: 0

Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure. • http://marc.info/?l=bugtraq&m=110382570313035&w=2 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1 http://www.kb.cert.org/vuls/id/316206 http://www.ngssoftware.com/advisories/oracle23122004J.txt http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf http://www.securityfocus.com/bid/10871 http://www.us-cert.gov/cas/techalerts/TA04-245A.html https://exchange.xforce.ibmcloud.com/vulnerabilities/18666 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.2EPSS: 0%CPEs: 70EXPL: 2

The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0. • https://www.exploit-db.com/exploits/24335 http://marc.info/?l=bugtraq&m=109147677214087&w=2 http://secunia.com/advisories/12205 http://www.securityfocus.com/bid/10829 https://exchange.xforce.ibmcloud.com/vulnerabilities/16839 •

CVSS: 7.5EPSS: 1%CPEs: 29EXPL: 0

Stack-based buffer overflow in the PL/SQL EXTPROC functionality for Oracle9i Database Release 2 and 1, and Oracle 8i, allows authenticated database users, and arbitrary database users in some cases, to execute arbitrary code via a long library name. Desbordamiento de búfer basado en la pila en EXTPROC de Oracle 9i Database Release 2 y 1, y Oracle 8i, permite a usuarios autenticados de la base de datos, posiblemente sólo aquellos con privilegios CREATE LIBRARY o CREATE ANY LIBRARY, ejecutar código arbitrario mediante un nombre de librería largo. • http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0105.html http://marc.info/?l=bugtraq&m=105914979629857&w=2 http://marc.info/?l=bugtraq&m=105916455814904&w=2 http://marc.info/?l=ntbugtraq&m=105915485303327&w=2 http://otn.oracle.com/deploy/security/pdf/2003alert57.pdf http://www.kb.cert.org/vuls/id/936868 http://www.securityfocus.com/bid/8267 https://exchange.xforce.ibmcloud.com/vulnerabilities/12721 •

CVSS: 9.0EPSS: 30%CPEs: 31EXPL: 0

Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a "CREATE DATABASE LINK" query containing a connect string with a long USING parameter. Desbordamiento de búfer basado en la pila en Oracle Net Sevices de Oracle Database Server 9i release 2 y anteriores permite a atacantes ejecutar código arbitrario mediante una consulta "CREATE DATABASE LINK" conteniendo una cadena de conexión con un parámetro USING largo. • http://marc.info/?l=bugtraq&m=105162831008176&w=2 http://marc.info/?l=ntbugtraq&m=105163376015735&w=2 http://otn.oracle.com/deploy/security/pdf/2003alert54.pdf http://www.ciac.org/ciac/bulletins/n-085.shtml http://www.securityfocus.com/bid/7453 https://exchange.xforce.ibmcloud.com/vulnerabilities/11885 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 67%CPEs: 10EXPL: 0

Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applications that perform their own authentication, as demonstrated using LOADPSP. • http://marc.info/?l=bugtraq&m=104549693426042&w=2 http://otn.oracle.com/deploy/security/pdf/2003alert51.pdf http://www.cert.org/advisories/CA-2003-05.html http://www.ciac.org/ciac/bulletins/n-046.shtml http://www.iss.net/security_center/static/11328.php http://www.kb.cert.org/vuls/id/953746 http://www.osvdb.org/6319 http://www.securityfocus.com/bid/6849 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •