Oracle9i

oracle9i

Vendor: Oracle • 52 CVEs

CVEs (52)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2004-1366 1Oracle 9Application Server Collaboration SuiteE Business Suite+6 more Apr 16, 2026 Aug 4, 2004 N/A· v4 N/A· v3 4.6 MEDIUM· v2 Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges.
CVE-2004-1365 1Oracle 9Application Server Collaboration SuiteE Business Suite+6 more Apr 16, 2026 Aug 4, 2004 N/A· v4 N/A· v3 4.6 MEDIUM· v2 Extproc in Oracle 9i and 10g does not require authentication to load a library or execute a function, which allows local users to execute arbitrary commands as the Oracle user.
CVE-2004-1364 1Oracle 9Application Server Collaboration SuiteE Business Suite+6 more Apr 16, 2026 Aug 4, 2004 N/A· v4 N/A· v3 8.5 HIGH· v2 Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\bin directory.
CVE-2004-1362 1Oracle 9Application Server Collaboration SuiteE Business Suite+6 more Apr 16, 2026 Aug 4, 2004 N/A· v4 N/A· v3 7.5 HIGH· v2 The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform character conversions properly, which allows remote attackers to bypass access re...Show more The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform character conversions properly, which allows remote attackers to bypass access restrictions for certain procedures via an encoded URL with "%FF" encoded sequences that are improperly converted to "Y" characters.Show less
CVE-2004-1707 1Oracle 5Application Server Application Server PortalDatabase Server Lite+2 more Apr 16, 2026 Jul 30, 2004 N/A· v4 N/A· v3 7.2 HIGH· v2 The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Orac...Show more The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0.Show less
CVE-2003-0894 1Oracle 1Oracle9i Apr 16, 2026 Nov 17, 2003 N/A· v4 N/A· v3 4.6 MEDIUM· v2 Buffer overflow in the (1) oracle and (2) oracleO programs in Oracle 9i Database 9.0.x and 9.2.x before 9.2.0.4 allows local users to execute arbitrary code via a long command line argument.
CVE-2003-1193 1Oracle 2Application Server Portal Oracle9i Apr 16, 2026 Nov 3, 2003 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote a...Show more Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL.Show less
CVE-2003-0634 1Oracle 2Oracle8i Oracle9i Apr 16, 2026 Aug 27, 2003 N/A· v4 N/A· v3 7.5 HIGH· v2 Stack-based buffer overflow in the PL/SQL EXTPROC functionality for Oracle9i Database Release 2 and 1, and Oracle 8i, allows authenticated database users, and arbitrary database users in some cases, to execute arbitrary...Show more Stack-based buffer overflow in the PL/SQL EXTPROC functionality for Oracle9i Database Release 2 and 1, and Oracle 8i, allows authenticated database users, and arbitrary database users in some cases, to execute arbitrary code via a long library name.Show less
CVE-2003-0222 1Oracle 3Database Server Oracle8iOracle9i Apr 16, 2026 May 12, 2003 N/A· v4 N/A· v3 9.0 HIGH· v2 Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a "CREATE DATABASE LINK" query containing a connect string with a long...Show more Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a "CREATE DATABASE LINK" query containing a connect string with a long USING parameter.Show less
CVE-2003-0096 1Oracle 3Database Server Oracle8iOracle9i Apr 16, 2026 Mar 3, 2003 N/A· v4 N/A· v3 9.0 HIGH· v2 Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a...Show more Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3) a long DIRECTORY parameter to the BFILENAME function.Show less
CVE-2003-0095 1Oracle 3Database Server Oracle8iOracle9i Apr 16, 2026 Mar 3, 2003 N/A· v4 N/A· v3 10.0 HIGH· v2 Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applica...Show more Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applications that perform their own authentication, as demonstrated using LOADPSP.Show less
CVE-2002-1264 1Oracle 1Oracle9i Apr 16, 2026 Nov 12, 2002 N/A· v4 N/A· v3 7.5 HIGH· v2 Buffer overflow in Oracle iSQL*Plus web application of the Oracle 9 database server allows remote attackers to execute arbitrary code via a long USERID parameter in the isqlplus URL.
CVE-2002-1118 1Oracle 2Oracle8i Oracle9i Apr 16, 2026 Oct 28, 2002 N/A· v4 N/A· v3 5.0 MEDIUM· v2 TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and Oracle 8i 8.1.x, allows remote attackers to cause a denial of service (hang or crash) via a SERVICE_CURLOAD command.
CVE-2002-0840 2Apache Oracle 5Application Server Database ServerHttp Server+2 more Apr 16, 2026 Oct 11, 2002 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to e...Show more Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.Show less
CVE-2002-0965 1Oracle 1Oracle9i Apr 16, 2026 Oct 4, 2002 N/A· v4 N/A· v3 7.5 HIGH· v2 Buffer overflow in TNS Listener for Oracle 9i Database Server on Windows systems, and Oracle 8 on VM, allows local users to execute arbitrary code via a long SERVICE_NAME parameter, which is not properly handled when wri...Show more Buffer overflow in TNS Listener for Oracle 9i Database Server on Windows systems, and Oracle 8 on VM, allows local users to execute arbitrary code via a long SERVICE_NAME parameter, which is not properly handled when writing an error message to a log file.Show less
CVE-2002-0858 1Oracle 2Oracle8i Oracle9i Apr 16, 2026 Sep 5, 2002 N/A· v4 N/A· v3 7.5 HIGH· v2 catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a default dbsnmp password, which allows attackers to perform restricted database operations and possibly gain other privileges.
CVE-2002-0856 1Oracle 2Database Server Oracle9i Apr 16, 2026 Sep 5, 2002 N/A· v4 N/A· v3 5.0 MEDIUM· v2 SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote attackers to cause a denial of service (crash) via certain debug requests that are not properly handled by the debugging feature.
CVE-2002-0509 1Oracle 1Oracle9i Apr 16, 2026 Aug 12, 2002 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a single malformed TCP packet to port 1521.
CVE-2002-0571 1Oracle 1Oracle9i Apr 16, 2026 Jul 3, 2002 N/A· v4 N/A· v3 7.5 HIGH· v2 Oracle Oracle9i database server 9.0.1.x allows local users to access restricted data via a SQL query using ANSI outer join syntax.
CVE-2002-0568 1Oracle 3Application Server Oracle8iOracle9i Apr 16, 2026 Jul 3, 2002 N/A· v4 N/A· v3 2.1 LOW· v2 Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapCon...Show more Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory.Show less

Previous 123 Next