Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Application_server
(Oracle)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 199 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2002-12-31 | CVE-2002-2153 | Format string vulnerability in the administrative pages of the PL/SQL module for Oracle Application Server 4.0.8 and 4.0.8 2 allows remote attackers to execute arbitrary code. | Application_server | N/A | ||
| 2002-12-31 | CVE-2002-1858 | Oracle Oracle9i Application Server 1.0.2.2 and 9.0.2 through 9.0.2.0.1, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF."). | Application_server | N/A | ||
| 2002-02-26 | CVE-2002-1637 | Multiple components in Oracle 9i Application Server (9iAS) are installed with over 160 default usernames and passwords, including (1) SYS, (2) SYSTEM, (3) AQJAVA, (4) OWA, (5) IMAGEUSER, (6) USER1, (7) USER2, (8) PLSQL, (9) DEMO, (10) FINANCE, and many others, which allows attackers to gain privileges. | Application_server | N/A | ||
| 2002-12-31 | CVE-2002-1636 | Cross-site scripting (XSS) vulnerability in the htp PL/SQL package for Oracle 9i Application Server (9iAS) allows remote attackers to inject arbitrary web script or HTML via the cbuf parameter to htp.print. | Application_server | N/A | ||
| 2002-12-31 | CVE-2002-1635 | The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin. | Application_server | N/A | ||
| 2002-12-31 | CVE-2002-1632 | Oracle 9i Application Server (9iAS) installs multiple sample pages that allow remote attackers to obtain environment variables and other sensitive information via (1) info.jsp, (2) printenv, (3) echo, or (4) echo2. | Application_server | N/A | ||
| 2002-12-31 | CVE-2002-1631 | SQL injection vulnerability in the query.xsql sample page in Oracle 9i Application Server (9iAS) allows remote attackers to execute arbitrary code via the sql parameter. | Application_server | N/A | ||
| 2002-12-31 | CVE-2002-1630 | The sendmail.jsp sample page in Oracle 9i Application Server (9iAS) allows remote attackers to send arbitrary emails. | Application_server | N/A | ||
| 2002-10-04 | CVE-2002-1089 | rwcgi60 CGI program in Oracle Reports Server, by design, provides sensitive information such as the full pathname, which could enable remote attackers to use the information in additional attacks. | Application_server, Reports | N/A | ||
| 2002-10-04 | CVE-2002-0947 | Buffer overflow in rwcgi60 CGI program for Oracle Reports Server 6.0.8.18.0 and earlier, as used in Oracle9iAS and other products, allows remote attackers to execute arbitrary code via a long database name parameter. | Application_server, Reports | N/A |