Oracle

Oracle9i

52 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.5

CVE-2004-0638

  • EPSS 17.25%
  • Published 31.12.2004 05:00:00
  • Last modified 03.04.2025 01:03:51

Buffer overflow in the KSDWRTB function in the dbms_system package (dbms_system.ksdwrt) for Oracle 9i Database Server Release 2 9.2.0.3 and 9.2.0.4, 9i Release 1 9.0.1.4 and 9.0.1.5, and 8i Release 1 8.1.7.4, allows remote authorized users to execute...

6.5

CVE-2004-1338

  • EPSS 0.3%
  • Published 23.12.2004 05:00:00
  • Last modified 03.04.2025 01:03:51

The triggers in Oracle 9i and 10g allow local users to gain privileges by using a sequence of partially privileged actions: using CCBKAPPLROWTRIG or EXEC_CBK_FN_DML to add arbitrary functions to the SDO_CMT_DBK_FN_TABLE and SDO_CMT_CBK_DML_TABLE, the...

6.5

CVE-2004-1339

  • EPSS 0.49%
  • Published 23.12.2004 05:00:00
  • Last modified 03.04.2025 01:03:51

SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1 and (2) MDSYS.SDO_LRS_TRIG_INS default triggers in Oracle 9i and 10g allows remote attackers to execute arbitrary SQL commands via the new.table_name or new.column_name parameters.

10

CVE-2003-1208

Exploit
  • EPSS 8.38%
  • Published 03.12.2004 05:00:00
  • Last modified 03.04.2025 01:03:51

Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow local users to execute arbitrary code by (1) setting the TIME_ZONE session parameter to a long value, or providing long parameters to the (2) NUMTOYMINTERVAL, (3) NUMTODSINTERVAL or (4) FR...

6.5

CVE-2004-0637

  • EPSS 19.33%
  • Published 02.09.2004 04:00:00
  • Last modified 03.04.2025 01:03:51

Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to execute commands with additional privileges via the ctxsys.driload package, which is publicly accessible.

9

CVE-2004-1371

  • EPSS 32.44%
  • Published 04.08.2004 04:00:00
  • Last modified 03.04.2025 01:03:51

Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure.

7.5

CVE-2004-1370

  • EPSS 1.81%
  • Published 04.08.2004 04:00:00
  • Last modified 03.04.2025 01:03:51

Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to execute arbitrary SQL commands and gain privileges via (1) DBMS_EXPORT_EXTENSION, (2) WK_ACL.GET_ACL, (3) WK_ACL.S...

5

CVE-2004-1369

  • EPSS 3.78%
  • Published 04.08.2004 04:00:00
  • Last modified 03.04.2025 01:03:51

The TNS Listener in Oracle 10g allows remote attackers to cause a denial of service (listener crash) via a malformed service_register_NSGR request containing a value that is used as an invalid offset for a pointer that references incorrect memory.

7.8

CVE-2004-1368

  • EPSS 5.3%
  • Published 04.08.2004 04:00:00
  • Last modified 03.04.2025 01:03:51

ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script.

4.4

CVE-2004-1367

  • EPSS 0.38%
  • Published 04.08.2004 04:00:00
  • Last modified 03.04.2025 01:03:51

Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow loca...