CVE-2005-1381 – Oracle Application Server 9i - Webcache Cache_dump_file Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-1381
Multiple cross-site scripting (XSS) vulnerabilities in Oracle Webcache 9i allow remote attackers to inject arbitrary web script or HTML via the (1) cache_dump_file or (2) PartialPageErrorPage parameter.
• https://www.exploit-db.com/exploits/25562
• https://www.exploit-db.com/exploits/25563
• http://marc.info/?l=bugtraq&m=111472423409560&w=2
• http://secunia.com/advisories/15143
• http://www.osvdb.org/15910
• http://www.red-database-security.com/advisory/oracle_webcache_CSS_vulnerabilities.html
• http://www.securityfocus.com/bid/13421
• http://www.securityfocus.com/bid/13422
• https://exchange.xforce.ibmcloud.com/vulnerabilities/20309
CVE-2005-1382 – Oracle Application Server 9i Webcache - Arbitrary File Corruption
https://notcve.org/view.php?id=CVE-2005-1382
The webcacheadmin module in Oracle Webcache 9i allows remote attackers to corrupt arbitrary files via a full pathname in the cache_dump_file parameter.
• https://www.exploit-db.com/exploits/25561
• http://marc.info/?l=bugtraq&m=111472615519295&w=2
• http://secunia.com/advisories/15143
• http://www.osvdb.org/15909
• http://www.red-database-security.com/advisory/oracle_webcache_append_file_vulnerabilitiy.html
• http://www.securityfocus.com/bid/13420
• https://exchange.xforce.ibmcloud.com/vulnerabilities/20310
CVE-2004-2244
https://notcve.org/view.php?id=CVE-2004-2244
The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and 9.0.3.1, 9.0.2.3 and earlier, and Release 1 1.0.2.2 and 1.0.2.2.2, and Database Server Release 2 9.2.0.1 and later, allows remote attackers to cause a denial of service (CPU and memory consumption) via a SOAP message containing a crafted DTD.
• http://otn.oracle.com/deploy/security/pdf/2004alert65.pdf
• http://secunia.com/advisories/10936
• http://www.osvdb.org/4011
• http://www.securityfocus.com/bid/9703
• https://exchange.xforce.ibmcloud.com/vulnerabilities/15270
CVE-2004-1774 – Oracle Database 10.1 - MDSYS.MD2.SDO_CODE_SIZE Buffer Overflow
https://notcve.org/view.php?id=CVE-2004-1774
Buffer overflow in the SDO_CODE_SIZE procedure of the MD2 package (MDSYS.MD2.SDO_CODE_SIZE) in Oracle 10g before 10.1.0.2 Patch 2 allows local users to execute arbitrary code via a long LAYER parameter.
• https://www.exploit-db.com/exploits/25397
• http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/025984.html
• http://www.appsecinc.com/resources/alerts/oracle/2004-0001
• http://www.frsirt.com/exploits/20050413.OracleExploit.sql.php
• http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf
• http://www.securiteam.com/securitynews/5CP010KE0W.html
• http://www.securityfocus.com/bid/13145
• https://exchange.xforce.ibmcloud.com/vulnerabilities/20078
CVE-2004-1363
https://notcve.org/view.php?id=CVE-2004-1363
Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed.
• http://marc.info/?l=bugtraq&m=110382345829397&w=2
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1
• http://www.kb.cert.org/vuls/id/316206
• http://www.ngssoftware.com/advisories/oracle23122004.txt
• http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf
• http://www.securityfocus.com/bid/10871
• http://www.us-cert.gov/cas/techalerts/TA04-245A.html
• https://exchange.xforce.ibmcloud.com/vulnerabilities/18659
• CWE-131: Incorrect Calculation of Buffer Size