CVSS: 9.8EPSS: 0%CPEs: 101EXPL: 0CVE-2005-3641
https://notcve.org/view.php?id=CVE-2005-3641
16 Nov 2005 — Oracle Databases running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication by supplying a valid username. • http://www.ngssoftware.com/papers/database-on-xp.pdf •
CVSS: 9.8EPSS: 25%CPEs: 31EXPL: 0CVE-2003-0222
https://notcve.org/view.php?id=CVE-2003-0222
30 Apr 2003 — Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a "CREATE DATABASE LINK" query containing a connect string with a long USING parameter. Desbordamiento de búfer basado en la pila en Oracle Net Sevices de Oracle Database Server 9i release 2 y anteriores permite a atacantes ejecutar código arbitrario mediante una consulta "CREATE DATABASE LINK" conteniendo una cadena de conexión con un parámetro USING largo. • http://marc.info/?l=bugtraq&m=105162831008176&w=2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 18EXPL: 1CVE-2002-1118
https://notcve.org/view.php?id=CVE-2002-1118
28 Oct 2002 — TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and Oracle 8i 8.1.x, allows remote attackers to cause a denial of service (hang or crash) via a SERVICE_CURLOAD command. El escuchador TNS en Oracle Net Services de Oracle 9i 9.2.x y 9.0.x, y Oracle 8i 8.1.x, permite a atacantes remotos causar una denegación de servicio (cuelgue o caída) mediante un comando SERVICE_CURLOAD. • http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0017.html •
CVSS: 6.8EPSS: 92%CPEs: 47EXPL: 1CVE-2002-0840 – Apache 1.3/2.0.x - Server Side Include Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-0840
11 Oct 2002 — Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157. Vulnerabilidad de comandos en sitios cruzados (cross-site scripting, XSS) en la página de error por defecto en Apache 2.0 antes de 2.0.43, y en 1.3.x hasta 1.3.26, cuando el parámetro... • https://www.exploit-db.com/exploits/21885 •
CVSS: 9.8EPSS: 3%CPEs: 30EXPL: 0CVE-2002-0843
https://notcve.org/view.php?id=CVE-2002-0843
05 Oct 2002 — Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response. Desbordamientos de búfer en el programa de soporte ApacheBench (ab.c) en Apache anteriores a 1.3.27, y Apache 2.x anteriores a 2.0.43, permite a un servidor web malicioso causar una denegación de servicio y posiblemente ejecutar código arbitrario mediante una respuesta lar... • ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I •
CVSS: 9.8EPSS: 1%CPEs: 27EXPL: 0CVE-2002-0567
https://notcve.org/view.php?id=CVE-2002-0567
03 Jul 2002 — Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass authentication and execute arbitrary functions by using the TNS Listener to directly connect to the EXTPROC process. • http://marc.info/?l=bugtraq&m=101301332402079&w=2 •
CVSS: 9.8EPSS: 7%CPEs: 9EXPL: 0CVE-2002-0561
https://notcve.org/view.php?id=CVE-2002-0561
11 Jun 2002 — The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and modify DAD settings. • http://marc.info/?l=bugtraq&m=101301813117562&w=2 •
CVSS: 9.1EPSS: 34%CPEs: 9EXPL: 0CVE-2002-0563
https://notcve.org/view.php?id=CVE-2002-0563
11 Jun 2002 — The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to access sensitive services without authentication, including Dynamic Monitoring Services (1) dms0, (2) dms/DMSDump, (3) servlet/DMSDump, (4) servlet/Spy, (5) soap/servlet/Spy, and (6) dms/AggreSpy; and Oracle Java Process Manager (7) oprocmgr-status and (8) oprocmgr-service, which can be used to control Java processes. • http://marc.info/?l=bugtraq&m=101301813117562&w=2 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0CVE-2002-0566
https://notcve.org/view.php?id=CVE-2002-0566
11 Jun 2002 — PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to cause a denial of service (crash) via an HTTP Authorization header without an authentication type. • http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf •