Filtered by vendor Oracle
Subscriptions
Filtered by product Application Server
Subscriptions
Total
199 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-0947 | 1 Oracle | 2 Application Server, Reports | 2025-04-03 | N/A |
| Buffer overflow in rwcgi60 CGI program for Oracle Reports Server 6.0.8.18.0 and earlier, as used in Oracle9iAS and other products, allows remote attackers to execute arbitrary code via a long database name parameter. | ||||
| CVE-2004-1363 | 1 Oracle | 7 Application Server, Collaboration Suite, Database Server and 4 more | 2025-04-03 | 9.8 Critical |
| Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed. | ||||
| CVE-2004-1368 | 1 Oracle | 9 Application Server, Collaboration Suite, E-business Suite and 6 more | 2025-04-03 | N/A |
| ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script. | ||||
| CVE-2004-1371 | 1 Oracle | 10 Application Server, Collaboration Suite, Database Server and 7 more | 2025-04-03 | N/A |
| Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure. | ||||
| CVE-2004-1707 | 1 Oracle | 5 Application Server, Application Server Portal, Database Server Lite and 2 more | 2025-04-03 | N/A |
| The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0. | ||||
| CVE-2004-1877 | 1 Oracle | 2 Application Server, Http Server | 2025-04-03 | N/A |
| The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and password. | ||||
| CVE-2006-1884 | 3 Jdedwards, Oneworld, Oracle | 12 Enterpriseone Tools, Oneworld Tools, Application Server and 9 more | 2025-04-03 | N/A |
| Unspecified vulnerability in the Oracle Thesaurus Management System component in Oracle E-Business Suite and OPA 4.5.2 Applications has unknown impact and attack vectors, aka Vuln# OPA01. | ||||
| CVE-2005-2093 | 1 Oracle | 1 Application Server | 2025-04-03 | N/A |
| Oracle 9i Application Server (Oracle9iAS) 9.0.2 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Application Server to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | ||||
| CVE-2006-3708 | 1 Oracle | 1 Application Server | 2025-04-03 | N/A |
| Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3, 9.0.3.1, 9.0.4.2, 10.1.2.0.2, and 10.1.2.1 has unknown impact and attack vectors, aka Oracle Vuln# AS03. | ||||
| CVE-2006-3709 | 1 Oracle | 1 Application Server | 2025-04-03 | N/A |
| Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3, 9.0.3.1, and 10.1.2.0.0 has unknown impact and attack vectors, aka Oracle Vuln# AS04. | ||||
| CVE-2006-3710 | 1 Oracle | 1 Application Server | 2025-04-03 | N/A |
| Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3, 9.0.3.1, 9.0.4.2, and 10.1.2.0.0 has unknown impact and attack vectors, aka Oracle Vuln# (1) AS05 and (2) AS08. | ||||
| CVE-2006-3711 | 1 Oracle | 1 Application Server | 2025-04-03 | N/A |
| Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3, 9.0.3.1, and 9.0.4.1 has unknown impact and attack vectors, aka Oracle Vuln# AS06. | ||||
| CVE-2006-3712 | 1 Oracle | 1 Application Server | 2025-04-03 | N/A |
| Unspecified vulnerability in OC4J for Oracle Application Server 9.0.4.2 and 10.1.2.0.0 has unknown impact and attack vectors, aka Oracle Vuln# AS07. | ||||
| CVE-2006-3713 | 1 Oracle | 1 Application Server | 2025-04-03 | N/A |
| Unspecified vulnerability in OC4J for Oracle Application Server 10.1.3.0 has unknown impact and attack vectors, aka Oracle Vuln# AS09. | ||||
| CVE-2006-0586 | 1 Oracle | 2 Application Server, Oracle10g | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in Oracle 10g Release 1 before CPU Jan 2006 allow remote attackers to execute arbitrary SQL commands via multiple parameters in (1) ATTACH_JOB, (2) HAS_PRIVS, and (3) OPEN_JOB functions in the SYS.KUPV$FT package; and (4) UPDATE_JOB, (5) ACTIVE_JOB, (6) ATTACH_POSSIBLE, (7) ATTACH_TO_JOB, (8) CREATE_NEW_JOB, (9) DELETE_JOB, (10) DELETE_MASTER_TABLE, (11) DETACH_JOB, (12) GET_JOB_INFO, (13) GET_JOB_QUEUES, (14) GET_SOLE_JOBNAME, (15) MASTER_TBL_LOCK, and (16) VALID_HANDLE functions in the SYS.KUPV$FT_INT package. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that these issues has been addressed by Oracle. It is unclear which, if any, Oracle Vuln# identifiers apply to these issues. | ||||
| CVE-2001-0591 | 1 Oracle | 2 Application Server, Jsp | 2025-04-03 | N/A |
| Directory traversal vulnerability in Oracle JSP 1.0.x through 1.1.1 and Oracle 8.1.7 iAS Release 1.0.2 can allow a remote attacker to read or execute arbitrary .jsp files via a '..' (dot dot) attack. | ||||
| CVE-2006-3706 | 1 Oracle | 1 Application Server | 2025-04-03 | N/A |
| Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3 has unknown impact and attack vectors, aka Oracle Vuln# AS01. | ||||
| CVE-2002-1089 | 1 Oracle | 2 Application Server, Reports | 2025-04-03 | N/A |
| rwcgi60 CGI program in Oracle Reports Server, by design, provides sensitive information such as the full pathname, which could enable remote attackers to use the information in additional attacks. | ||||
| CVE-2002-0565 | 1 Oracle | 3 Application Server, Application Server Web Cache, Oracle9i | 2025-04-03 | N/A |
| Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with world-readable permissions under the web root, which allows remote attackers to obtain sensitive information derived from the JSP code, including usernames and passwords, via a direct HTTP request to _pages. | ||||
| CVE-2002-1636 | 1 Oracle | 1 Application Server | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in the htp PL/SQL package for Oracle 9i Application Server (9iAS) allows remote attackers to inject arbitrary web script or HTML via the cbuf parameter to htp.print. | ||||