Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Oracle9i
(Oracle)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 52 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2002-10-11 | CVE-2002-0840 | Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157. | Http_server, Application_server, Database_server, Oracle8i, Oracle9i | N/A | ||
| 2006-12-23 | CVE-2006-6703 | Multiple cross-site scripting (XSS) vulnerabilities in Oracle Portal 9i and 10g allow remote attackers to inject arbitrary JavaScript via the tc parameter in webapp/jsp/container_tabs.jsp, and other unspecified vectors. | Oracle10g, Oracle9i | N/A | ||
| 2006-04-11 | CVE-2006-1705 | Oracle Database 9.2.0.0 to 10.2.0.3 allows local users with "SELECT" privileges for a base table to insert, update, or delete data by creating a crafted view then performing the operations on that view. | Oracle10g, Oracle9i | N/A | ||
| 2006-02-04 | CVE-2006-0552 | Unspecified vulnerability in the Net Listener component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, and 9.2.0.7 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB11. | 10g_enterprise_manager_grid_control, Application_server, Collaboration_suite, Database_server, Developer_suite, E\-Business_suite, Enterpriseone, Oracle10g, Oracle8i, Oracle9i, Peoplesoft_enterprise_portal, Workflow | N/A | ||
| 2006-01-18 | CVE-2006-0272 | Unspecified vulnerability in the XML Database component of Oracle Database server 9.2.0.7 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB29. NOTE: based on mutual credits by the relevant sources, it is highly likely that this issue is a buffer overflow in the (a) DBMS_XMLSCHEMA and (b) DBMS_XMLSCHEMA_INT packages, as exploitable via long arguments to (1) XDB.DBMS_XMLSCHEMA.GENERATESCHEMA or (2) XDB.DBMS_XMLSCHEMA.GENERATESCHEMAS. | Oracle10g, Oracle9i | N/A | ||
| 2006-01-18 | CVE-2006-0271 | Unspecified vulnerability in the Upgrade & Downgrade component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB28. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the DBMS_REGISTRY package in certain parameters to the (1) IS_COMPONENT, (2) GET_COMP_OPTION, (3)... | Database_server, Oracle10g, Oracle8i, Oracle9i | N/A | ||
| 2006-01-18 | CVE-2006-0262 | Unspecified vulnerability in the Net Foundation Layer component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.6, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB08. | Database_server, Oracle10g, Oracle8i, Oracle9i | N/A | ||
| 2005-11-16 | CVE-2005-3641 | Oracle Databases running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication by supplying a valid username. | Database_server, Database_server_lite, Oracle10g, Oracle8i, Oracle9i | N/A | ||
| 2005-10-14 | CVE-2005-3204 | Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP request. | Application_server, Oracle9i | N/A | ||
| 2005-05-11 | CVE-2005-1495 | Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the SYS user executes a SELECT statement on an FGA object, which makes it easier for attackers to escape detection. | Application_server, Oracle10g, Oracle9i | N/A |