Product:

Oracle9i

(Oracle)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 52
Date Id Summary Products Score Patch Annotated
2004-12-31 CVE-2004-2244 The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and 9.0.3.1, 9.0.2.3 and earlier, and Release 1 1.0.2.2 and 1.0.2.2.2, and Database Server Release 2 9.2.0.1 and later, allows remote attackers to cause a denial of service (CPU and memory consumption) via a SOAP message containing a crafted DTD. Application_server, Oracle9i N/A
2004-07-30 CVE-2004-1707 The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0. Application_server, Application_server_portal, Database_server_lite, Oracle8i, Oracle9i N/A
2004-08-04 CVE-2004-1371 Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure. Application_server, Collaboration_suite, Database_server, E\-Business_suite, Enterprise_manager, Enterprise_manager_database_control, Enterprise_manager_grid_control, Oracle10g, Oracle8i, Oracle9i N/A
2004-08-04 CVE-2004-1370 Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to execute arbitrary SQL commands and gain privileges via (1) DBMS_EXPORT_EXTENSION, (2) WK_ACL.GET_ACL, (3) WK_ACL.STORE_ACL, (4) WK_ADM.COMPLETE_ACL_SNAPSHOT, (5) WK_ACL.DELETE_ACLS_WITH_STATEMENT, or (6) DRILOAD.VALIDATE_STMT. Application_server, Collaboration_suite, E\-Business_suite, Enterprise_manager, Enterprise_manager_database_control, Enterprise_manager_grid_control, Oracle10g, Oracle8i, Oracle9i N/A
2004-08-04 CVE-2004-1369 The TNS Listener in Oracle 10g allows remote attackers to cause a denial of service (listener crash) via a malformed service_register_NSGR request containing a value that is used as an invalid offset for a pointer that references incorrect memory. Application_server, Collaboration_suite, E\-Business_suite, Enterprise_manager, Enterprise_manager_database_control, Enterprise_manager_grid_control, Oracle10g, Oracle8i, Oracle9i N/A
2004-08-04 CVE-2004-1368 ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script. Application_server, Collaboration_suite, E\-Business_suite, Enterprise_manager, Enterprise_manager_database_control, Enterprise_manager_grid_control, Oracle10g, Oracle8i, Oracle9i N/A
2004-08-04 CVE-2004-1367 Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SYS or SYSTEM accounts, which may have been installed with the same password. Application_server, Collaboration_suite, E\-Business_suite, Enterprise_manager, Enterprise_manager_database_control, Enterprise_manager_grid_control, Oracle10g, Oracle8i, Oracle9i N/A
2004-08-04 CVE-2004-1366 Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges. Application_server, Collaboration_suite, E\-Business_suite, Enterprise_manager, Enterprise_manager_database_control, Enterprise_manager_grid_control, Oracle10g, Oracle8i, Oracle9i N/A
2004-08-04 CVE-2004-1365 Extproc in Oracle 9i and 10g does not require authentication to load a library or execute a function, which allows local users to execute arbitrary commands as the Oracle user. Application_server, Collaboration_suite, E\-Business_suite, Enterprise_manager, Enterprise_manager_database_control, Enterprise_manager_grid_control, Oracle10g, Oracle8i, Oracle9i N/A
2004-08-04 CVE-2004-1364 Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\bin directory. Application_server, Collaboration_suite, E\-Business_suite, Enterprise_manager, Enterprise_manager_database_control, Enterprise_manager_grid_control, Oracle10g, Oracle8i, Oracle9i N/A