CVE-2005-1381 – Oracle Application Server 9i - Webcache Cache_dump_file Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-1381
Multiple cross-site scripting (XSS) vulnerabilities in Oracle Webcache 9i allow remote attackers to inject arbitrary web script or HTML via the (1) cache_dump_file or (2) PartialPageErrorPage parameter. • https://www.exploit-db.com/exploits/25562 https://www.exploit-db.com/exploits/25563 http://marc.info/?l=bugtraq&m=111472423409560&w=2 http://secunia.com/advisories/15143 http://www.osvdb.org/15910 http://www.red-database-security.com/advisory/oracle_webcache_CSS_vulnerabilities.html http://www.securityfocus.com/bid/13421 http://www.securityfocus.com/bid/13422 https://exchange.xforce.ibmcloud.com/vulnerabilities/20309 •
CVE-2005-1382 – Oracle Application Server 9i Webcache - Arbitrary File Corruption
https://notcve.org/view.php?id=CVE-2005-1382
The webcacheadmin module in Oracle Webcache 9i allows remote attackers to corrupt arbitrary files via a full pathname in the cache_dump_file parameter. • https://www.exploit-db.com/exploits/25561 http://marc.info/?l=bugtraq&m=111472615519295&w=2 http://secunia.com/advisories/15143 http://www.osvdb.org/15909 http://www.red-database-security.com/advisory/oracle_webcache_append_file_vulnerabilitiy.html http://www.securityfocus.com/bid/13420 https://exchange.xforce.ibmcloud.com/vulnerabilities/20310 •
CVE-2004-0385
https://notcve.org/view.php?id=CVE-2004-0385
Heap-based buffer overflow in Oracle 9i Application Server Web Cache 9.0.4.0.0, 9.0.3.1.0, 9.0.2.3.0, and 9.0.0.4.0 allows remote attackers to execute arbitrary code via a long HTTP request method header to the Web Cache listener. NOTE: due to the vagueness of the Oracle advisory, it is not clear whether there are additional issues besides this overflow, although the advisory alludes to multiple "vulnerabilities." • http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0078.html http://marc.info/?l=bugtraq&m=107945649127635&w=2 http://marc.info/?l=bugtraq&m=108144419001770&w=2 http://otn.oracle.com/deploy/security/pdf/2004alert66.pdf http://secunia.com/advisories/11118 http://www.inaccessnetworks.com/ian/services/secadv01.txt http://www.kb.cert.org/vuls/id/413006 http://www.osvdb.org/4249 http://www.securityfocus.com/bid/9868 https://exchange.xforce.ibmcloud.com/vulnerabilities& •
CVE-2002-0559
https://notcve.org/view.php?id=CVE-2002-0559
Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote attackers to cause a denial of service or execute arbitrary code via (1) a long help page request without a dadname, which overflows the resulting HTTP Location header, (2) a long HTTP request to the plsql module, (3) a long password in the HTTP Authorization, (4) a long Access Descriptor (DAD) password in the addadd form, or (5) a long cache directory name. • http://online.securityfocus.com/archive/1/254426 http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf http://www.cert.org/advisories/CA-2002-08.html http://www.kb.cert.org/vuls/id/313280 http://www.kb.cert.org/vuls/id/659043 http://www.kb.cert.org/vuls/id/750299 http://www.kb.cert.org/vuls/id/878603 http://www.kb.cert.org/vuls/id/923395 http://www.nextgenss.com/papers/hpoas.pdf http://www.securityfocus.com/bid/4032 https:// •
CVE-2002-0566
https://notcve.org/view.php?id=CVE-2002-0566
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to cause a denial of service (crash) via an HTTP Authorization header without an authentication type. • http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf http://www.cert.org/advisories/CA-2002-08.html http://www.kb.cert.org/vuls/id/805915 http://www.securityfocus.com/bid/4037 https://exchange.xforce.ibmcloud.com/vulnerabilities/8099 •