Filtered by vendor Oracle Subscriptions
Filtered by product Application Server Subscriptions
Total 199 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2006-3710 1 Oracle 1 Application Server 2026-04-16 N/A
Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3, 9.0.3.1, 9.0.4.2, and 10.1.2.0.0 has unknown impact and attack vectors, aka Oracle Vuln# (1) AS05 and (2) AS08.
CVE-2006-3712 1 Oracle 1 Application Server 2026-04-16 N/A
Unspecified vulnerability in OC4J for Oracle Application Server 9.0.4.2 and 10.1.2.0.0 has unknown impact and attack vectors, aka Oracle Vuln# AS07.
CVE-2004-1707 1 Oracle 5 Application Server, Application Server Portal, Database Server Lite and 2 more 2026-04-16 N/A
The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0.
CVE-2002-2345 1 Oracle 1 Application Server 2026-04-16 N/A
Oracle 9i Application Server 9.0.2 stores the web cache administrator interface password in plaintext, which allows remote attackers to gain access.
CVE-2000-0169 1 Oracle 1 Application Server 2026-04-16 N/A
Batch files in the Oracle web listener ows-bin directory allow remote attackers to execute commands via a malformed URL that includes '?&'.
CVE-2002-1632 1 Oracle 1 Application Server 2026-04-16 N/A
Oracle 9i Application Server (9iAS) installs multiple sample pages that allow remote attackers to obtain environment variables and other sensitive information via (1) info.jsp, (2) printenv, (3) echo, or (4) echo2.
CVE-2002-1635 1 Oracle 1 Application Server 2026-04-16 N/A
The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
CVE-2001-1371 1 Oracle 1 Application Server 2026-04-16 N/A
The default configuration of Oracle Application Server 9iAS 1.0.2.2 enables SOAP and allows anonymous users to deploy applications by default via urn:soap-service-manager and urn:soap-provider-manager.
CVE-2004-1364 1 Oracle 9 Application Server, Collaboration Suite, E-business Suite and 6 more 2026-04-16 N/A
Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\bin directory.
CVE-2004-1367 1 Oracle 9 Application Server, Collaboration Suite, E-business Suite and 6 more 2026-04-16 N/A
Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SYS or SYSTEM accounts, which may have been installed with the same password.
CVE-2004-1368 1 Oracle 9 Application Server, Collaboration Suite, E-business Suite and 6 more 2026-04-16 N/A
ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script.
CVE-2004-1371 1 Oracle 10 Application Server, Collaboration Suite, Database Server and 7 more 2026-04-16 N/A
Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure.
CVE-2002-0562 1 Oracle 3 Application Server, Application Server Web Cache, Oracle9i 2026-04-16 N/A
The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa.
CVE-2002-0947 1 Oracle 2 Application Server, Reports 2026-04-16 N/A
Buffer overflow in rwcgi60 CGI program for Oracle Reports Server 6.0.8.18.0 and earlier, as used in Oracle9iAS and other products, allows remote attackers to execute arbitrary code via a long database name parameter.
CVE-2004-1877 1 Oracle 2 Application Server, Http Server 2026-04-16 N/A
The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and password.
CVE-2006-3709 1 Oracle 1 Application Server 2026-04-16 N/A
Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3, 9.0.3.1, and 10.1.2.0.0 has unknown impact and attack vectors, aka Oracle Vuln# AS04.
CVE-2006-3711 1 Oracle 1 Application Server 2026-04-16 N/A
Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3, 9.0.3.1, and 9.0.4.1 has unknown impact and attack vectors, aka Oracle Vuln# AS06.
CVE-2006-3713 1 Oracle 1 Application Server 2026-04-16 N/A
Unspecified vulnerability in OC4J for Oracle Application Server 10.1.3.0 has unknown impact and attack vectors, aka Oracle Vuln# AS09.
CVE-2006-1884 3 Jdedwards, Oneworld, Oracle 12 Enterpriseone Tools, Oneworld Tools, Application Server and 9 more 2026-04-16 N/A
Unspecified vulnerability in the Oracle Thesaurus Management System component in Oracle E-Business Suite and OPA 4.5.2 Applications has unknown impact and attack vectors, aka Vuln# OPA01.
CVE-2002-1637 1 Oracle 1 Application Server 2026-04-16 N/A
Multiple components in Oracle 9i Application Server (9iAS) are installed with over 160 default usernames and passwords, including (1) SYS, (2) SYSTEM, (3) AQJAVA, (4) OWA, (5) IMAGEUSER, (6) USER1, (7) USER2, (8) PLSQL, (9) DEMO, (10) FINANCE, and many others, which allows attackers to gain privileges.