Note:
This project will be discontinued after December 13, 2021. [more]
Product:
E\-Business_suite
(Oracle)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 326 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2004-08-04 | CVE-2004-1362 | The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform character conversions properly, which allows remote attackers to bypass access restrictions for certain procedures via an encoded URL with "%FF" encoded sequences that are improperly converted to "Y" characters. | Application_server, Collaboration_suite, E\-Business_suite, Enterprise_manager, Enterprise_manager_database_control, Enterprise_manager_grid_control, Oracle10g, Oracle8i, Oracle9i | N/A | ||
| 2004-08-06 | CVE-2004-0543 | Multiple SQL injection vulnerabilities in Oracle Applications 11.0 and Oracle E-Business Suite 11.5.1 through 11.5.8 allow remote attackers to execute arbitrary SQL procedures and queries. | Applications, E\-Business_suite | N/A | ||
| 2004-06-01 | CVE-2004-0385 | Heap-based buffer overflow in Oracle 9i Application Server Web Cache 9.0.4.0.0, 9.0.3.1.0, 9.0.2.3.0, and 9.0.0.4.0 allows remote attackers to execute arbitrary code via a long HTTP request method header to the Web Cache listener. NOTE: due to the vagueness of the Oracle advisory, it is not clear whether there are additional issues besides this overflow, although the advisory alludes to multiple "vulnerabilities." | Application_server_web_cache, E\-Business_suite | N/A | ||
| 2003-12-31 | CVE-2003-1116 | The communications protocol for the Report Review Agent (RRA), aka FND File Server (FNDFS) program, in Oracle E-Business Suite 10.7, 11.0, and 11.5.1 to 11.5.8 allows remote attackers to bypass authentication and obtain sensitive information from the Oracle Applications Concurrent Manager by spoofing requests to the TNS Listener. | E\-Business_suite | N/A | ||
| 2003-08-27 | CVE-2003-0633 | Multiple vulnerabilities in aoljtest.jsp of Oracle Applications AOL/J Setup Test Suite in Oracle E-Business Suite 11.5.1 through 11.5.8 allow a remote attacker to obtain sensitive information without authentication, such as the GUEST user password and the application server security key. | Applications, E\-Business_suite | N/A | ||
| 2003-08-27 | CVE-2003-0632 | Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) CGI program (FNDWRR.exe) of Oracle E-Business Suite 11.0 and 11.5.1 through 11.5.8 may allow remote attackers to execute arbitrary code via a long URL. | Applications, E\-Business_suite | N/A | ||
| 2002-12-31 | CVE-2002-1882 | Unknown vulnerability in AolSecurityPrivate.class in Oracle E-Business Suite 11i 11.1 through 11.6 allows remote attackers to bypass user authentication checks via unknown attack vectors. | E\-Business_suite | N/A | ||
| 2002-12-31 | CVE-2002-1666 | Unknown vulnerability in Oracle E-Business Suite 11i.1 through 11i.6 allows remote attackers to execute unauthorized PL/SQL procedures by modifying the Oracle Applications URL. | E\-Business_suite | N/A | ||
| 2001-08-14 | CVE-2001-0528 | Oracle E-Business Suite Release 11i Applications Desktop Integrator (ADI) version 7.x includes a debug version of FNDPUB11I.DLL, which logs the APPS schema password in cleartext in a debug file, which allows local users to obtain the password and gain privileges. | E\-Business_suite | N/A | ||
| 2019-04-23 | CVE-2019-2551 | Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Print Server). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle... | E\-Business_suite | 8.2 |