CVSS: 7.8EPSS: 4%CPEs: 87EXPL: 0CVE-2004-1368
https://notcve.org/view.php?id=CVE-2004-1368
ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script. • http://marc.info/?l=bugtraq&m=110382264415387&w=2 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1 http://www.kb.cert.org/vuls/id/435974 http://www.ngssoftware.com/advisories/oracle23122004E.txt http://www.securityfocus.com/bid/10871 http://www.us-cert.gov/cas/techalerts/TA04-245A.html https://exchange.xforce.ibmcloud.com/vulnerabilities/18656 •
CVSS: 4.6EPSS: 0%CPEs: 87EXPL: 0CVE-2004-1365
https://notcve.org/view.php?id=CVE-2004-1365
Extproc in Oracle 9i and 10g does not require authentication to load a library or execute a function, which allows local users to execute arbitrary commands as the Oracle user. • http://marc.info/?l=bugtraq&m=110382471608835&w=2 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1 http://www.kb.cert.org/vuls/id/316206 http://www.ngssoftware.com/advisories/oracle23122004C.txt http://www.securityfocus.com/bid/10871 http://www.us-cert.gov/cas/techalerts/TA04-245A.html https://exchange.xforce.ibmcloud.com/vulnerabilities/18662 •
CVSS: 8.5EPSS: 1%CPEs: 87EXPL: 2CVE-2004-1364 – Oracle 9i/10g - 'extproc' Local/Remote Command Execution
https://notcve.org/view.php?id=CVE-2004-1364
Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\bin directory. • https://www.exploit-db.com/exploits/2951 https://www.exploit-db.com/exploits/24353 http://marc.info/?l=bugtraq&m=110382406002365&w=2 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1 http://www.0xdeadbeef.info/exploits/raptor_oraextproc.sql http://www.kb.cert.org/vuls/id/316206 http://www.ngssoftware.com/advisories/oracle23122004B.txt http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf http://www.securityfocus.com/archive/1/454861/100/0/ • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 49%CPEs: 7EXPL: 0CVE-2002-1264
https://notcve.org/view.php?id=CVE-2002-1264
Buffer overflow in Oracle iSQL*Plus web application of the Oracle 9 database server allows remote attackers to execute arbitrary code via a long USERID parameter in the isqlplus URL. Desbordamiento de búfer en la aplicación web Oracle iSQL*Plus del servidor de bases de datos Oracle 9 permite a atacantes remotos ejecutar código arbitrario mediante un parámetro de ID de usuario largo en la URL isqlplus • http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0060.html http://marc.info/?l=bugtraq&m=103643298712284&w=2 http://technet.oracle.com/deploy/security/pdf/2002alert46rev1.pdf http://www.iss.net/security_center/static/10524.php http://www.osvdb.org/4013 http://www.securityfocus.com/bid/6085 •
CVSS: 5.0EPSS: 10%CPEs: 18EXPL: 1CVE-2002-1118
https://notcve.org/view.php?id=CVE-2002-1118
TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and Oracle 8i 8.1.x, allows remote attackers to cause a denial of service (hang or crash) via a SERVICE_CURLOAD command. El escuchador TNS en Oracle Net Services de Oracle 9i 9.2.x y 9.0.x, y Oracle 8i 8.1.x, permite a atacantes remotos causar una denegación de servicio (cuelgue o caída) mediante un comando SERVICE_CURLOAD. • http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0017.html http://otn.oracle.com/deploy/security/pdf/2002alert42rev1.pdf http://www.iss.net/security_center/static/10283.php http://www.securityfocus.com/bid/5678 •