Filtered by vendor Oracle
Subscriptions
Total
10433 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-3441 | 1 Oracle | 1 Database Server | 2026-04-16 | N/A |
| Unspecified vulnerability in Intelligent Agent in Oracle Database Server 9i up to 9.0.1.5 has unknown impact and attack vectors, aka Oracle Vuln# DB14. | ||||
| CVE-2005-3442 | 1 Oracle | 1 Database Server | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in Oracle Database Server 8i up to 10.1.0.4.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB09 in Export, (2) DB11 in Materialized Views, and (3) DB16 in Security Service. | ||||
| CVE-2004-0637 | 1 Oracle | 2 Oracle8i, Oracle9i | 2026-04-16 | N/A |
| Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to execute commands with additional privileges via the ctxsys.driload package, which is publicly accessible. | ||||
| CVE-2002-0567 | 1 Oracle | 3 Database Server, Oracle8i, Oracle9i | 2026-04-16 | N/A |
| Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass authentication and execute arbitrary functions by using the TNS Listener to directly connect to the EXTPROC process. | ||||
| CVE-2005-3203 | 1 Oracle | 1 Html Db | 2026-04-16 | N/A |
| The manual installation of Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 stores the SYS password in install.lst in plaintext, which allows local users to gain privileges. | ||||
| CVE-2005-3205 | 1 Oracle | 1 Database Server | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in iSQL*Plus (iSQLPlus) in Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to inject arbitrary web script or HTML via script in the "set markup HTML TABLE" command, which is executed when the user selects a table. | ||||
| CVE-2005-3206 | 1 Oracle | 1 Database Server | 2026-04-16 | N/A |
| iSQL*Plus (isqlplus) for Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to cause a denial of service (TNS listener stop) via an HTTP request with an sid parameter that contains a STOP command. | ||||
| CVE-2005-3207 | 1 Oracle | 1 Forms | 2026-04-16 | N/A |
| The forms servlet (f90servlet) in Oracle Forms 4.5.10.22 allows remote attackers to cause a denial of service (TNS listener stop) via a userid parameter that contains a STOP command. | ||||
| CVE-2001-0941 | 1 Oracle | 1 Database Server | 2026-04-16 | N/A |
| Buffer overflow in dbsnmp in Oracle 8.0.6 through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment variable. | ||||
| CVE-2003-0150 | 2 Oracle, Redhat | 3 Mysql, Enterprise Linux, Linux | 2026-04-16 | N/A |
| MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf. | ||||
| CVE-2003-0095 | 1 Oracle | 3 Database Server, Oracle8i, Oracle9i | 2026-04-16 | N/A |
| Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applications that perform their own authentication, as demonstrated using LOADPSP. | ||||
| CVE-2005-2983 | 1 Oracle | 1 Reports | 2026-04-16 | N/A |
| SQL injection vulnerability in Oracle Reports that use Lexical References allows remote attackers to execute arbitrary SQL commands via the values in the parameter form that appears when the paramform parameter is set to yes. | ||||
| CVE-2002-1809 | 1 Oracle | 1 Mysql | 2026-04-16 | N/A |
| The default configuration of the Windows binary release of MySQL 3.23.2 through 3.23.52 has a NULL root password, which could allow remote attackers to gain unauthorized root access to the MySQL database. | ||||
| CVE-2002-1666 | 1 Oracle | 1 E-business Suite | 2026-04-16 | N/A |
| Unknown vulnerability in Oracle E-Business Suite 11i.1 through 11i.6 allows remote attackers to execute unauthorized PL/SQL procedures by modifying the Oracle Applications URL. | ||||
| CVE-2002-0856 | 1 Oracle | 2 Database Server, Oracle9i | 2026-04-16 | N/A |
| SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote attackers to cause a denial of service (crash) via certain debug requests that are not properly handled by the debugging feature. | ||||
| CVE-2002-1632 | 1 Oracle | 1 Application Server | 2026-04-16 | N/A |
| Oracle 9i Application Server (9iAS) installs multiple sample pages that allow remote attackers to obtain environment variables and other sensitive information via (1) info.jsp, (2) printenv, (3) echo, or (4) echo2. | ||||
| CVE-2002-1631 | 1 Oracle | 1 Application Server | 2026-04-16 | N/A |
| SQL injection vulnerability in the query.xsql sample page in Oracle 9i Application Server (9iAS) allows remote attackers to execute arbitrary code via the sql parameter. | ||||
| CVE-2005-2558 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2026-04-16 | N/A |
| Stack-based buffer overflow in the init_syms function in MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta allows remote authenticated users who can create user-defined functions to execute arbitrary code via a long function_name field. | ||||
| CVE-2005-2572 | 1 Oracle | 1 Mysql | 2026-04-16 | N/A |
| MySQL, when running on Windows, allows remote authenticated users with insert privileges on the mysql.func table to cause a denial of service (server hang) and possibly execute arbitrary code via (1) a request for a non-library file, which causes the Windows LoadLibraryEx function to block, or (2) a request for a function in a library that has the XXX_deinit or XXX_init functions defined but is not tailored for mySQL, such as jpeg1x32.dll and jpeg2x32.dll. | ||||
| CVE-2002-0569 | 1 Oracle | 1 Application Server | 2026-04-16 | N/A |
| Oracle 9i Application Server allows remote attackers to bypass access restrictions for configuration files via a direct request to the XSQL Servlet (XSQLServlet). | ||||