CVE-2004-1368
https://notcve.org/view.php?id=CVE-2004-1368
ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script. • http://marc.info/?l=bugtraq&m=110382264415387&w=2 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1 http://www.kb.cert.org/vuls/id/435974 http://www.ngssoftware.com/advisories/oracle23122004E.txt http://www.securityfocus.com/bid/10871 http://www.us-cert.gov/cas/techalerts/TA04-245A.html https://exchange.xforce.ibmcloud.com/vulnerabilities/18656 •
CVE-2004-1369
https://notcve.org/view.php?id=CVE-2004-1369
The TNS Listener in Oracle 10g allows remote attackers to cause a denial of service (listener crash) via a malformed service_register_NSGR request containing a value that is used as an invalid offset for a pointer that references incorrect memory. • http://marc.info/?l=bugtraq&m=110382524401468&w=2 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1 http://www.kb.cert.org/vuls/id/316206 http://www.ngssoftware.com/advisories/oracle23122004F.txt http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf http://www.securityfocus.com/bid/10871 http://www.us-cert.gov/cas/techalerts/TA04-245A.html https://exchange.xforce.ibmcloud.com/vulnerabilities/18664 •
CVE-2004-1367
https://notcve.org/view.php?id=CVE-2004-1367
Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SYS or SYSTEM accounts, which may have been installed with the same password. • http://marc.info/?l=bugtraq&m=110382247308064&w=2 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1 http://www.kb.cert.org/vuls/id/316206 http://www.ngssoftware.com/advisories/oracle23122004D.txt http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf http://www.us-cert.gov/cas/techalerts/TA04-245A.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2004-1371
https://notcve.org/view.php?id=CVE-2004-1371
Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure. • http://marc.info/?l=bugtraq&m=110382570313035&w=2 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1 http://www.kb.cert.org/vuls/id/316206 http://www.ngssoftware.com/advisories/oracle23122004J.txt http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf http://www.securityfocus.com/bid/10871 http://www.us-cert.gov/cas/techalerts/TA04-245A.html https://exchange.xforce.ibmcloud.com/vulnerabilities/18666 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2004-0543
https://notcve.org/view.php?id=CVE-2004-0543
Multiple SQL injection vulnerabilities in Oracle Applications 11.0 and Oracle E-Business Suite 11.5.1 through 11.5.8 allow remote attackers to execute arbitrary SQL procedures and queries. Múltiples vulnerabilidades de inyección de SQL en Oracle Applications 11.0 y Oracle E-Business Suite 11.5.1 a 11.5.8 permite a atacantes remotos ejecutar procedimientos y consultas SQL de su elección. • http://archives.neohapsis.com/archives/vulnwatch/2004-q2/0032.html http://marc.info/?l=bugtraq&m=108638417302229&w=2 http://otn.oracle.com/deploy/security/pdf/2004alert67.pdf http://www.ciac.org/ciac/bulletins/o-153.shtml http://www.integrigy.com/alerts/OraAppsSQLInjection.htm http://www.kb.cert.org/vuls/id/961579 http://www.securityfocus.com/bid/10465 http://www.us-cert.gov/cas/techalerts/TA04-160A.html https://exchange.xforce.ibmcloud.com/vulnerabilities/16324 •