CVE-2002-1264
https://notcve.org/view.php?id=CVE-2002-1264
Buffer overflow in Oracle iSQL*Plus web application of the Oracle 9 database server allows remote attackers to execute arbitrary code via a long USERID parameter in the isqlplus URL. Desbordamiento de búfer en la aplicación web Oracle iSQL*Plus del servidor de bases de datos Oracle 9 permite a atacantes remotos ejecutar código arbitrario mediante un parámetro de ID de usuario largo en la URL isqlplus • http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0060.html http://marc.info/?l=bugtraq&m=103643298712284&w=2 http://technet.oracle.com/deploy/security/pdf/2002alert46rev1.pdf http://www.iss.net/security_center/static/10524.php http://www.osvdb.org/4013 http://www.securityfocus.com/bid/6085 •
CVE-2002-0840 – Apache 1.3/2.0.x - Server Side Include Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-0840
Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157. Vulnerabilidad de comandos en sitios cruzados (cross-site scripting, XSS) en la página de error por defecto en Apache 2.0 antes de 2.0.43, y en 1.3.x hasta 1.3.26, cuando el parámetro UseCanonicalName está desactivado, y está presente el soporte para comodines DNS, permite a atacantes ejecutar comandos como otro visitante de la página mediante la cabecera Host: • https://www.exploit-db.com/exploits/21885 ftp://patches.sgi.com/support/free/security/advisories/20021105-02-I http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0003.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530 http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2 http://marc.info/?l=bugtraq&m=103357160425708&w=2 http://marc.info/?l=bugtraq&m=103376585508776&w=2 http •
CVE-2002-1118
https://notcve.org/view.php?id=CVE-2002-1118
TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and Oracle 8i 8.1.x, allows remote attackers to cause a denial of service (hang or crash) via a SERVICE_CURLOAD command. El escuchador TNS en Oracle Net Services de Oracle 9i 9.2.x y 9.0.x, y Oracle 8i 8.1.x, permite a atacantes remotos causar una denegación de servicio (cuelgue o caída) mediante un comando SERVICE_CURLOAD. • http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0017.html http://otn.oracle.com/deploy/security/pdf/2002alert42rev1.pdf http://www.iss.net/security_center/static/10283.php http://www.securityfocus.com/bid/5678 •
CVE-2002-0965 – Oracle 8i - TNS Listener SERVICE_NAME Buffer Overflow
https://notcve.org/view.php?id=CVE-2002-0965
Buffer overflow in TNS Listener for Oracle 9i Database Server on Windows systems, and Oracle 8 on VM, allows local users to execute arbitrary code via a long SERVICE_NAME parameter, which is not properly handled when writing an error message to a log file. • https://www.exploit-db.com/exploits/16341 http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0096.html http://online.securityfocus.com/archive/1/276526 http://otn.oracle.com/deploy/security/pdf/net9_dos_alert.pdf http://www.iss.net/security_center/static/9288.php http://www.kb.cert.org/vuls/id/630091 http://www.securityfocus.com/bid/4845 •
CVE-2002-0856
https://notcve.org/view.php?id=CVE-2002-0856
SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote attackers to cause a denial of service (crash) via certain debug requests that are not properly handled by the debugging feature. El servidor SQL*NET para Oracle 9i 9.0.x y 9.2 permite a atacantes remotos causar una denegación de sevicio (caída) mediante ciertas peticiones de depuración que no son adecuadamente manejadas por la característica de depuración • http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0072.html http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20941 http://otn.oracle.com/deploy/security/pdf/2002alert38rev1.pdf http://www.iss.net/security_center/static/9237.php http://www.securityfocus.com/bid/5457 •