Product:

Oracle10g

(Oracle)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 23
Date Id Summary Products Score Patch Annotated
2005-11-16 CVE-2005-3641 Oracle Databases running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication by supplying a valid username. Database_server, Database_server_lite, Oracle10g, Oracle8i, Oracle9i N/A
2005-05-11 CVE-2005-1496 The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE JOB privileges to gain additional privileges by changing SESSION_USER to the SYS user. Application_server, Oracle10g N/A
2005-05-11 CVE-2005-1495 Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the SYS user executes a SELECT statement on an FGA object, which makes it easier for attackers to escape detection. Application_server, Oracle10g, Oracle9i N/A
2004-08-31 CVE-2004-1774 Buffer overflow in the SDO_CODE_SIZE procedure of the MD2 package (MDSYS.MD2.SDO_CODE_SIZE) in Oracle 10g before 10.1.0.2 Patch 2 allows local users to execute arbitrary code via a long LAYER parameter. Application_server, Oracle10g N/A
2004-08-04 CVE-2004-1371 Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure. Application_server, Collaboration_suite, Database_server, E\-Business_suite, Enterprise_manager, Enterprise_manager_database_control, Enterprise_manager_grid_control, Oracle10g, Oracle8i, Oracle9i N/A
2004-08-04 CVE-2004-1370 Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to execute arbitrary SQL commands and gain privileges via (1) DBMS_EXPORT_EXTENSION, (2) WK_ACL.GET_ACL, (3) WK_ACL.STORE_ACL, (4) WK_ADM.COMPLETE_ACL_SNAPSHOT, (5) WK_ACL.DELETE_ACLS_WITH_STATEMENT, or (6) DRILOAD.VALIDATE_STMT. Application_server, Collaboration_suite, E\-Business_suite, Enterprise_manager, Enterprise_manager_database_control, Enterprise_manager_grid_control, Oracle10g, Oracle8i, Oracle9i N/A
2004-08-04 CVE-2004-1369 The TNS Listener in Oracle 10g allows remote attackers to cause a denial of service (listener crash) via a malformed service_register_NSGR request containing a value that is used as an invalid offset for a pointer that references incorrect memory. Application_server, Collaboration_suite, E\-Business_suite, Enterprise_manager, Enterprise_manager_database_control, Enterprise_manager_grid_control, Oracle10g, Oracle8i, Oracle9i N/A
2004-08-04 CVE-2004-1368 ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script. Application_server, Collaboration_suite, E\-Business_suite, Enterprise_manager, Enterprise_manager_database_control, Enterprise_manager_grid_control, Oracle10g, Oracle8i, Oracle9i N/A
2004-08-04 CVE-2004-1367 Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SYS or SYSTEM accounts, which may have been installed with the same password. Application_server, Collaboration_suite, E\-Business_suite, Enterprise_manager, Enterprise_manager_database_control, Enterprise_manager_grid_control, Oracle10g, Oracle8i, Oracle9i N/A
2004-08-04 CVE-2004-1366 Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges. Application_server, Collaboration_suite, E\-Business_suite, Enterprise_manager, Enterprise_manager_database_control, Enterprise_manager_grid_control, Oracle10g, Oracle8i, Oracle9i N/A