Buffer overflow of rlogin program using TERM environmental variable.
Max CVSS
10.0
EPSS Score
0.94%
Published
1997-02-06
Updated
2024-02-09
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.
Max CVSS
2.1
EPSS Score
88.08%
Published
1997-08-01
Updated
2022-11-14
The oratclsh interpreter in Oracle 8.x Intelligent Agent for Unix allows local users to execute Tcl commands as root.
Max CVSS
4.6
EPSS Score
0.04%
Published
1999-04-29
Updated
2016-10-18
Denial of service in Oracle TNSLSNR SQL*Net Listener via a malformed string to the listener port, aka NERP.
Max CVSS
5.0
EPSS Score
0.25%
Published
2001-03-12
Updated
2008-09-05
dbsnmp in Oracle Intelligent Agent allows local users to gain privileges by setting the ORACLE_HOME environmental variable, which dbsnmp uses to find the nmiconf.tcl script.
Max CVSS
4.6
EPSS Score
0.04%
Published
1999-08-16
Updated
2008-09-09
Oracle Webserver 2.1, when serving PL/SQL stored procedures, allows remote attackers to cause a denial of service via a long HTTP GET request.
Max CVSS
5.0
EPSS Score
0.22%
Published
1997-07-23
Updated
2016-10-18
Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file.
Max CVSS
10.0
EPSS Score
0.32%
Published
1997-09-19
Updated
2016-10-18
mysqld in MySQL 3.21 creates log files with world-readable permissions, which allows local users to obtain passwords for users who are added to the user database.
Max CVSS
4.6
EPSS Score
0.06%
Published
1998-12-27
Updated
2019-10-07
Oracle Database Assistant 1.0 in Oracle 8.0.3 Enterprise Edition stores the database master password in plaintext in the spoolmain.log file when a new database is created, which allows local users to obtain the password from that file.
Max CVSS
4.6
EPSS Score
0.06%
Published
1999-03-04
Updated
2017-12-19
Oracle Web Listener 2.1 allows remote attackers to bypass access restrictions by replacing a character in the URL with its HTTP-encoded (hex) equivalent.
Max CVSS
7.5
EPSS Score
0.61%
Published
1999-11-25
Updated
2016-10-18
MySQL allows local users to modify passwords for arbitrary MySQL users via the GRANT privilege.
Max CVSS
6.4
EPSS Score
0.28%
Published
2000-01-11
Updated
2019-10-07
MySQL 3.22 allows remote attackers to bypass password authentication and access a database via a short check string.
Max CVSS
7.5
EPSS Score
0.33%
Published
2000-02-08
Updated
2019-10-07
Batch files in the Oracle web listener ows-bin directory allow remote attackers to execute commands via a malformed URL that includes '?&'.
Max CVSS
7.5
EPSS Score
0.77%
Published
2000-03-15
Updated
2008-09-10
The installation of Oracle 8.1.5.x on Linux follows symlinks and creates the orainstRoot.sh file with world-writeable permissions, which allows local users to gain privileges.
Max CVSS
6.2
EPSS Score
0.04%
Published
2000-03-05
Updated
2008-09-10
Oracle Web Listener for AIX versions 4.0.7.0.0 and 4.0.8.1.0 allows remote attackers to cause a denial of service via a malformed URL.
Max CVSS
5.0
EPSS Score
0.24%
Published
2000-07-05
Updated
2008-09-10
The default installation for the Oracle listener program 7.3.4, 8.0.6, and 8.1.6 allows an attacker to cause logging information to be appended to arbitrary files and execute commands via the SET TRC_FILE or SET LOG_FILE commands.
Max CVSS
10.0
EPSS Score
0.69%
Published
2000-12-19
Updated
2017-10-10
MySQL Database Engine uses a weak authentication method which leaks information that could be used by a remote attacker to recover the password.
Max CVSS
7.2
EPSS Score
0.19%
Published
2000-12-19
Updated
2019-10-07
Buffer overflow in Oracle 8.1.5 applications such as names, namesctl, onrsd, osslogin, tnslsnr, tnsping, trcasst, and trcroute possibly allow local users to gain privileges via a long ORACLE_HOME environmental variable.
Max CVSS
4.6
EPSS Score
0.07%
Published
2000-12-19
Updated
2017-12-19
Buffer overflow in oidldapd in Oracle 8.1.6 allow local users to gain privileges via a long "connect" command line parameter.
Max CVSS
4.6
EPSS Score
0.05%
Published
2000-12-19
Updated
2017-12-19
Buffer overflow in cmctl program in Oracle 8.1.5 Connection Manager Control allows local users to gain privileges via a long command line argument.
Max CVSS
4.6
EPSS Score
0.05%
Published
2001-01-09
Updated
2018-05-03
The default configurations of (1) the port listener and (2) modplsql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allow remote attackers to view privileged database information via HTTP requests for Database Access Descriptor (DAD) files.
Max CVSS
5.0
EPSS Score
0.62%
Published
2000-12-31
Updated
2008-09-05
SQL injection vulnerability in mod_sql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the query string of the URL.
Max CVSS
7.5
EPSS Score
0.37%
Published
2000-12-31
Updated
2008-09-10
Oracle XSQL servlet 1.0.3.0 and earlier allows remote attackers to execute arbitrary Java code by redirecting the XSQL server to another source via the xml-stylesheet parameter in the xslt stylesheet.
Max CVSS
7.5
EPSS Score
0.89%
Published
2001-03-12
Updated
2017-10-10
Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which uses glob to generate long strings.
Max CVSS
10.0
EPSS Score
1.09%
Published
2001-06-18
Updated
2024-02-02
oidldapd 2.1.1.1 in Oracle 8.1.7 records log files in a directory (ldaplog) that has world-writable permissions, which may allow local users to delete logs and/or overwrite other files via a symlink attack.
Max CVSS
2.1
EPSS Score
0.14%
Published
2001-06-02
Updated
2017-07-11
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!