CVSS: 7.5EPSS: 90%CPEs: 77EXPL: 4CVE-2019-0227 – Apache Axis 1.4 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-0227
10 Apr 2019 — A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue. Una vulnerabilidad de tipo SSRF (Server Side Request Forgery) afectó a la distribución de Apache Axis 1.4 que fue lanzada por última vez en 2006. ... • https://packetstorm.news/files/id/152462 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.1EPSS: 2%CPEs: 76EXPL: 1CVE-2018-8032
https://notcve.org/view.php?id=CVE-2018-8032
02 Aug 2018 — Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services. Apache Axis en versiones 1.x hasta la 1.4 (incluida) es vulnerable a un ataque de Cross-Site Scripting (XSS) en el servlet/services por defecto. • https://github.com/cairuojin/CVE-2018-8032 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.0EPSS: 0%CPEs: 3EXPL: 0CVE-2018-2601
https://notcve.org/view.php?id=CVE-2018-2601
18 Jan 2018 — Vulnerability in the Oracle Internet Directory component of Oracle Fusion Middleware (subcomponent: Oracle Directory Services Manager). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Internet Directory. While the vulnerability is in Oracle Internet Directory, attacks may significantly impact additional products. Successful attacks of this vulnerability can res... • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html •
CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 0CVE-2001-0974
https://notcve.org/view.php?id=CVE-2001-0974
17 Jul 2001 — Format string vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. • http://www.cert.org/advisories/CA-2001-18.html •
CVSS: 9.8EPSS: 5%CPEs: 2EXPL: 0CVE-2001-1321
https://notcve.org/view.php?id=CVE-2001-1321
16 Jul 2001 — Oracle Internet Directory Server 2.1.1.x and 3.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid encodings of BER OBJECT-IDENTIFIER values, as demonstrated by the PROTOS LDAPv3 test suite. • http://ciac.llnl.gov/ciac/bulletins/l-116.shtml •
CVSS: 9.8EPSS: 7%CPEs: 2EXPL: 0CVE-2001-0975
https://notcve.org/view.php?id=CVE-2001-0975
16 Jul 2001 — Buffer overflow vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. • http://otn.oracle.com/deploy/security/pdf/oid_cert_bof.pdf •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2001-0300
https://notcve.org/view.php?id=CVE-2001-0300
04 Apr 2001 — oidldapd 2.1.1.1 in Oracle 8.1.7 records log files in a directory (ldaplog) that has world-writable permissions, which may allow local users to delete logs and/or overwrite other files via a symlink attack. • http://archives.neohapsis.com/archives/bugtraq/2000-12/0434.html •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 2CVE-2000-0987 – Oracle (oidldapd connect) - Local Command Line Overflow
https://notcve.org/view.php?id=CVE-2000-0987
29 Nov 2000 — Buffer overflow in oidldapd in Oracle 8.1.6 allow local users to gain privileges via a long "connect" command line parameter. • https://www.exploit-db.com/exploits/183 •