Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Application_server
(Oracle)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 199 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2005-11-02 | CVE-2005-3447 | Unspecified vulnerability in Single Sign-On in Oracle Database Server 10g up to 10.1.0.4.2 and Application Server 9.0.2.3 up to 9.0.4.2 has unknown impact and attack vectors, aka Oracle Vuln# DB33 and AS08. | Application_server, Database_server | N/A | ||
| 2005-11-02 | CVE-2005-3446 | Unspecified vulnerability in Internet Directory in Oracle Database Server 9i up to 9.2.0.6 and Application Server 9.0.2.3 up to 10.1.2.0 has unknown impact and attack vectors, aka Oracle Vuln# DB32 and AS06. | Application_server, Database_server | N/A | ||
| 2005-11-02 | CVE-2005-3445 | Multiple unspecified vulnerabilities in HTTP Server in Oracle Database Server 8i up to 10.1.0.4.2 and Application Server 1.0.2.2 up to 10.1.2.0 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB30 and AS03 or (2) DB31 and AS05. | Application_server, Database_server | N/A | ||
| 2005-10-14 | CVE-2005-3204 | Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP request. | Application_server, Oracle9i | N/A | ||
| 2005-07-05 | CVE-2005-2093 | Oracle 9i Application Server (Oracle9iAS) 9.0.2 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Application Server to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | Application_server | N/A | ||
| 2005-05-11 | CVE-2005-1496 | The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE JOB privileges to gain additional privileges by changing SESSION_USER to the SYS user. | Application_server, Oracle10g | N/A | ||
| 2005-05-11 | CVE-2005-1495 | Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the SYS user executes a SELECT statement on an FGA object, which makes it easier for attackers to escape detection. | Application_server, Oracle10g, Oracle9i | N/A | ||
| 2005-05-03 | CVE-2005-1383 | The OHS component 1.0.2 through 10.x, when UseWebcacheIP is disabled, in Oracle Application Server allows remote attackers to bypass HTTP Server mod_access restrictions via a request to the webcache TCP port 7778. | Application_server | N/A | ||
| 2004-12-31 | CVE-2004-2244 | The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and 9.0.3.1, 9.0.2.3 and earlier, and Release 1 1.0.2.2 and 1.0.2.2.2, and Database Server Release 2 9.2.0.1 and later, allows remote attackers to cause a denial of service (CPU and memory consumption) via a SOAP message containing a crafted DTD. | Application_server, Oracle9i | N/A | ||
| 2004-01-28 | CVE-2004-2134 | Oracle toplink mapping workBench uses a weak encryption algorithm for passwords, which allows local users to decrypt the passwords. | Application_server | N/A |