Oracle

Database Server

521 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.5

CVE-2005-3205

  • EPSS 0.46%
  • Veröffentlicht 14.10.2005 10:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in iSQL*Plus (iSQLPlus) in Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to inject arbitrary web script or HTML via script in the "set markup HTML TABLE" command, which is executed when th...

5

CVE-2005-3206

Exploit
  • EPSS 27.02%
  • Veröffentlicht 14.10.2005 10:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

iSQL*Plus (isqlplus) for Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to cause a denial of service (TNS listener stop) via an HTTP request with an sid parameter that contains a STOP command.

5

CVE-2005-0298

  • EPSS 0.34%
  • Veröffentlicht 02.05.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The DIRECTORY objects in Oracle 8i through Oracle 10g contain the location of a specific operating system directory, which allows users with read privileges to a DIRECTORY object to obtain sensitive information.

7.5

CVE-2005-1197

  • EPSS 0.9%
  • Veröffentlicht 02.05.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

SQL injection vulnerability in the SYS.DBMS_CDC_IPUBLISH.CREATE_SCN_CHANGE_SET procedure in Oracle Database Server 10g allows remote attackers to execute arbitrary SQL commands via the CHANGE_SET_NAME parameter.

5

CVE-2005-0701

Exploit
  • EPSS 28.78%
  • Veröffentlicht 07.03.2005 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Directory traversal vulnerability in Oracle Database Server 8i and 9i allows remote attackers to read or rename arbitrary files via "\\.\\.." (modified dot dot backslash) sequences to UTL_FILE functions such as (1) UTL_FILE.FOPEN or (2) UTL_FILE.fre...

7.5

CVE-2005-0297

  • EPSS 0.5%
  • Veröffentlicht 18.01.2005 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

SQL injection vulnerability in Oracle Database 9i and 10g allows remote attackers to execute arbitrary SQL commands and gain privileges.

6.5

CVE-2004-2345

  • EPSS 0.77%
  • Veröffentlicht 31.12.2004 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Unknown multiple vulnerabilities in Oracle9i Database Server 9.0.1.4, 9.0.1.5, 9.2.0.3, and 9.2.0.4 allow local users with the ability to invoke SQL to cause a denial of service or obtain sensitive information.

6.5

CVE-2004-1338

  • EPSS 0.3%
  • Veröffentlicht 23.12.2004 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The triggers in Oracle 9i and 10g allow local users to gain privileges by using a sequence of partially privileged actions: using CCBKAPPLROWTRIG or EXEC_CBK_FN_DML to add arbitrary functions to the SDO_CMT_DBK_FN_TABLE and SDO_CMT_CBK_DML_TABLE, the...

6.5

CVE-2004-1339

  • EPSS 0.49%
  • Veröffentlicht 23.12.2004 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1 and (2) MDSYS.SDO_LRS_TRIG_INS default triggers in Oracle 9i and 10g allows remote attackers to execute arbitrary SQL commands via the new.table_name or new.column_name parameters.

9.8

CVE-2004-1363

  • EPSS 27.66%
  • Veröffentlicht 04.08.2004 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed.