CVSS: 9.8EPSS: 1%CPEs: 87EXPL: 0CVE-2004-1370
https://notcve.org/view.php?id=CVE-2004-1370
04 Aug 2004 — Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to execute arbitrary SQL commands and gain privileges via (1) DBMS_EXPORT_EXTENSION, (2) WK_ACL.GET_ACL, (3) WK_ACL.STORE_ACL, (4) WK_ADM.COMPLETE_ACL_SNAPSHOT, (5) WK_ACL.DELETE_ACLS_WITH_STATEMENT, or (6) DRILOAD.VALIDATE_STMT. • http://marc.info/?l=bugtraq&m=110382596129607&w=2 •
CVSS: 9.8EPSS: 32%CPEs: 88EXPL: 0CVE-2004-1371
https://notcve.org/view.php?id=CVE-2004-1371
04 Aug 2004 — Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure. • http://marc.info/?l=bugtraq&m=110382570313035&w=2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 20%CPEs: 70EXPL: 2CVE-2004-1707 – Oracle9i Database - Default Library Directory Privilege Escalation
https://notcve.org/view.php?id=CVE-2004-1707
30 Jul 2004 — The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0. • https://www.exploit-db.com/exploits/24335 •
CVSS: 9.8EPSS: 30%CPEs: 31EXPL: 0CVE-2003-0222
https://notcve.org/view.php?id=CVE-2003-0222
30 Apr 2003 — Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a "CREATE DATABASE LINK" query containing a connect string with a long USING parameter. Desbordamiento de búfer basado en la pila en Oracle Net Sevices de Oracle Database Server 9i release 2 y anteriores permite a atacantes ejecutar código arbitrario mediante una consulta "CREATE DATABASE LINK" conteniendo una cadena de conexión con un parámetro USING largo. • http://marc.info/?l=bugtraq&m=105162831008176&w=2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 43%CPEs: 10EXPL: 0CVE-2003-0095
https://notcve.org/view.php?id=CVE-2003-0095
03 Mar 2003 — Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applications that perform their own authentication, as demonstrated using LOADPSP. • http://marc.info/?l=bugtraq&m=104549693426042&w=2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 46%CPEs: 10EXPL: 0CVE-2003-0096
https://notcve.org/view.php?id=CVE-2003-0096
21 Feb 2003 — Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3) a long DIRECTORY parameter to the BFILENAME function. • http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0073.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 92%CPEs: 47EXPL: 1CVE-2002-0840 – Apache 1.3/2.0.x - Server Side Include Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-0840
11 Oct 2002 — Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157. Vulnerabilidad de comandos en sitios cruzados (cross-site scripting, XSS) en la página de error por defecto en Apache 2.0 antes de 2.0.43, y en 1.3.x hasta 1.3.26, cuando el parámetro... • https://www.exploit-db.com/exploits/21885 •
CVSS: 9.8EPSS: 3%CPEs: 30EXPL: 0CVE-2002-0843
https://notcve.org/view.php?id=CVE-2002-0843
05 Oct 2002 — Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response. Desbordamientos de búfer en el programa de soporte ApacheBench (ab.c) en Apache anteriores a 1.3.27, y Apache 2.x anteriores a 2.0.43, permite a un servidor web malicioso causar una denegación de servicio y posiblemente ejecutar código arbitrario mediante una respuesta lar... • ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2002-0856
https://notcve.org/view.php?id=CVE-2002-0856
05 Sep 2002 — SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote attackers to cause a denial of service (crash) via certain debug requests that are not properly handled by the debugging feature. El servidor SQL*NET para Oracle 9i 9.0.x y 9.2 permite a atacantes remotos causar una denegación de sevicio (caída) mediante ciertas peticiones de depuración que no son adecuadamente manejadas por la característica de depuración • http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0072.html •
CVSS: 9.8EPSS: 2%CPEs: 4EXPL: 0CVE-2002-0857
https://notcve.org/view.php?id=CVE-2002-0857
20 Aug 2002 — Format string vulnerabilities in Oracle Listener Control utility (lsnrctl) for Oracle 9.2 and 9.0, 8.1, and 7.3.4, allow remote attackers to execute arbitrary code on the Oracle DBA system by placing format strings into certain entries in the listener.ora configuration file. Vulnerabilidad de formato de cadenas en la utilidad Oracle Listener Control (lsnrctl) en Oracle 9.2, 9.0, 8.1 y 7.3.4 permite a atacantes remotos ejecutar código arbitrario el sitstema Oracle DBA mediante la introducción de cadenas de f... • http://marc.info/?l=bugtraq&m=102933735716634&w=2 •