Note:
This project will be discontinued after December 13, 2021.
Product: Application_server (Oracle)
Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 199 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2005-07-05 | CVE-2005-2093 | Oracle 9i Application Server (Oracle9iAS) 9.0.2 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Application Server to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | Application_server | N/A | ||
2005-05-11 | CVE-2005-1496 | The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE JOB privileges to gain additional privileges by changing SESSION_USER to the SYS user. | Application_server, Oracle10g | N/A | ||
2005-05-11 | CVE-2005-1495 | Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the SYS user executes a SELECT statement on an FGA object, which makes it easier for attackers to escape detection. | Application_server, Oracle10g, Oracle9i | N/A | ||
2005-05-03 | CVE-2005-1383 | The OHS component 1.0.2 through 10.x, when UseWebcacheIP is disabled, in Oracle Application Server allows remote attackers to bypass HTTP Server mod_access restrictions via a request to the webcache TCP port 7778. | Application_server | N/A | ||
2004-12-31 | CVE-2004-2244 | The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and 9.0.3.1, 9.0.2.3 and earlier, and Release 1 1.0.2.2 and 1.0.2.2.2, and Database Server Release 2 9.2.0.1 and later, allows remote attackers to cause a denial of service (CPU and memory consumption) via a SOAP message containing a crafted DTD. | Application_server, Oracle9i | N/A | ||
2004-01-28 | CVE-2004-2134 | Oracle toplink mapping workBench uses a weak encryption algorithm for passwords, which allows local users to decrypt the passwords. | Application_server | N/A | ||
2004-03-30 | CVE-2004-1877 | The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and password. | Application_server, Http_server | N/A | ||
2004-08-31 | CVE-2004-1774 | Buffer overflow in the SDO_CODE_SIZE procedure of the MD2 package (MDSYS.MD2.SDO_CODE_SIZE) in Oracle 10g before 10.1.0.2 Patch 2 allows local users to execute arbitrary code via a long LAYER parameter. | Application_server, Oracle10g | N/A | ||
2004-07-30 | CVE-2004-1707 | The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0. | Application_server, Application_server_portal, Database_server_lite, Oracle8i, Oracle9i | N/A | ||
2004-08-04 | CVE-2004-1371 | Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure. | Application_server, Collaboration_suite, Database_server, E-Business_suite, Enterprise_manager, Enterprise_manager_database_control, Enterprise_manager_grid_control, Oracle10g, Oracle8i, Oracle9i | N/A |