Page 6 of 38 results (0.002 seconds)

CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0

SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote attackers to cause a denial of service (crash) via certain debug requests that are not properly handled by the debugging feature. El servidor SQL*NET para Oracle 9i 9.0.x y 9.2 permite a atacantes remotos causar una denegación de sevicio (caída) mediante ciertas peticiones de depuración que no son adecuadamente manejadas por la característica de depuración • http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0072.html http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20941 http://otn.oracle.com/deploy/security/pdf/2002alert38rev1.pdf http://www.iss.net/security_center/static/9237.php http://www.securityfocus.com/bid/5457 •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1

Oracle Oracle9i database server 9.0.1.x allows local users to access restricted data via a SQL query using ANSI outer join syntax. • http://archives.neohapsis.com/archives/bugtraq/2002-04/0175.html http://otn.oracle.com/deploy/security/pdf/sql_joins_alert.pdf http://www.ciac.org/ciac/bulletins/m-071.shtml http://www.iss.net/security_center/static/8855.php http://www.osvdb.org/5236 http://www.securityfocus.com/bid/4523 •

CVSS: 7.5EPSS: 3%CPEs: 27EXPL: 0

Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass authentication and execute arbitrary functions by using the TNS Listener to directly connect to the EXTPROC process. • http://marc.info/?l=bugtraq&m=101301332402079&w=2 http://otn.oracle.com/deploy/security/pdf/plsextproc_alert.pdf http://www.cert.org/advisories/CA-2002-08.html http://www.kb.cert.org/vuls/id/180147 http://www.securityfocus.com/bid/4033 https://exchange.xforce.ibmcloud.com/vulnerabilities/8089 •

CVSS: 7.5EPSS: 3%CPEs: 9EXPL: 0

Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote attackers to cause a denial of service or execute arbitrary code via (1) a long help page request without a dadname, which overflows the resulting HTTP Location header, (2) a long HTTP request to the plsql module, (3) a long password in the HTTP Authorization, (4) a long Access Descriptor (DAD) password in the addadd form, or (5) a long cache directory name. • http://online.securityfocus.com/archive/1/254426 http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf http://www.cert.org/advisories/CA-2002-08.html http://www.kb.cert.org/vuls/id/313280 http://www.kb.cert.org/vuls/id/659043 http://www.kb.cert.org/vuls/id/750299 http://www.kb.cert.org/vuls/id/878603 http://www.kb.cert.org/vuls/id/923395 http://www.nextgenss.com/papers/hpoas.pdf http://www.securityfocus.com/bid/4032 https:// •

CVSS: 5.0EPSS: 1%CPEs: 9EXPL: 0

PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to cause a denial of service (crash) via an HTTP Authorization header without an authentication type. • http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf http://www.cert.org/advisories/CA-2002-08.html http://www.kb.cert.org/vuls/id/805915 http://www.securityfocus.com/bid/4037 https://exchange.xforce.ibmcloud.com/vulnerabilities/8099 •