Product:

Oracle8i

(Oracle)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 46
Date Id Summary Products Score Patch Annotated
2004-12-31 CVE-2004-0638 Buffer overflow in the KSDWRTB function in the dbms_system package (dbms_system.ksdwrt) for Oracle 9i Database Server Release 2 9.2.0.3 and 9.2.0.4, 9i Release 1 9.0.1.4 and 9.0.1.5, and 8i Release 1 8.1.7.4, allows remote authorized users to execute arbitrary code via a long second argument. Oracle8i, Oracle9i N/A
2004-09-02 CVE-2004-0637 Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to execute commands with additional privileges via the ctxsys.driload package, which is publicly accessible. Oracle8i, Oracle9i N/A
2003-08-27 CVE-2003-0634 Stack-based buffer overflow in the PL/SQL EXTPROC functionality for Oracle9i Database Release 2 and 1, and Oracle 8i, allows authenticated database users, and arbitrary database users in some cases, to execute arbitrary code via a long library name. Oracle8i, Oracle9i N/A
2003-05-12 CVE-2003-0222 Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a "CREATE DATABASE LINK" query containing a connect string with a long USING parameter. Database_server, Oracle8i, Oracle9i N/A
2003-03-03 CVE-2003-0096 Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3) a long DIRECTORY parameter to the BFILENAME function. Database_server, Oracle8i, Oracle9i N/A
2003-03-03 CVE-2003-0095 Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applications that perform their own authentication, as demonstrated using LOADPSP. Database_server, Oracle8i, Oracle9i N/A
2002-10-28 CVE-2002-1118 TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and Oracle 8i 8.1.x, allows remote attackers to cause a denial of service (hang or crash) via a SERVICE_CURLOAD command. Oracle8i, Oracle9i N/A
2002-09-05 CVE-2002-0858 catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a default dbsnmp password, which allows attackers to perform restricted database operations and possibly gain other privileges. Oracle8i, Oracle9i N/A
2002-09-05 CVE-2002-0857 Format string vulnerabilities in Oracle Listener Control utility (lsnrctl) for Oracle 9.2 and 9.0, 8.1, and 7.3.4, allow remote attackers to execute arbitrary code on the Oracle DBA system by placing format strings into certain entries in the listener.ora configuration file. Database_server, Oracle8i N/A
2002-07-03 CVE-2002-0568 Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory. Application_server, Oracle8i, Oracle9i N/A