ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.
Max CVSS
2.1
EPSS Score
88.08%
Published
1997-08-01
Updated
2022-11-14
oidldapd 2.1.1.1 in Oracle 8.1.7 records log files in a directory (ldaplog) that has world-writable permissions, which may allow local users to delete logs and/or overwrite other files via a symlink attack.
Max CVSS
2.1
EPSS Score
0.14%
Published
2001-06-02
Updated
2017-07-11
Vulnerability in Oracle 8.0.x through 9.0.1 on Unix allows local users to overwrite arbitrary files, possibly via a symlink attack or incorrect file permissions in (1) the ORACLE_HOME/rdbms/log directory or (2) an alternate directory as specified in the ORACLE_HOME environmental variable, aka the "Oracle File Overwrite Security Vulnerability."
Max CVSS
2.1
EPSS Score
0.06%
Published
2001-12-06
Updated
2016-10-18
oracle program in Oracle 8.0.x, 8.1.x and 9.0.1 allows local users to overwrite arbitrary files via a symlink attack on an Oracle log trace (.trc) file that is created in an alternate home directory identified by the ORACLE_HOME environment variable.
Max CVSS
2.1
EPSS Score
0.07%
Published
2001-08-31
Updated
2016-10-18
Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory.
Max CVSS
2.1
EPSS Score
93.83%
Published
2002-07-03
Updated
2016-10-18

CVE-2003-0727

Public exploit
Multiple buffer overflows in the XML Database (XDB) functionality for Oracle 9i Database Release 2 allow local users to cause a denial of service or hijack user sessions.
Max CVSS
2.1
EPSS Score
93.21%
Published
2003-10-20
Updated
2017-09-28
mysqlbug in MySQL allows local users to overwrite arbitrary files via a symlink attack on the failed-mysql-bugreport temporary file.
Max CVSS
2.1
EPSS Score
0.06%
Published
2004-05-04
Updated
2019-12-17
The mysqld_multi script in MySQL allows local users to overwrite arbitrary files via a symlink attack.
Max CVSS
2.1
EPSS Score
0.05%
Published
2004-06-01
Updated
2019-12-17
MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs.
Max CVSS
2.6
EPSS Score
0.33%
Published
2004-11-03
Updated
2019-12-17
gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files.
Max CVSS
2.1
EPSS Score
0.09%
Published
2004-10-04
Updated
2023-03-24
The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and password.
Max CVSS
2.6
EPSS Score
1.66%
Published
2004-03-30
Updated
2017-07-11
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack.
Max CVSS
2.1
EPSS Score
0.06%
Published
2005-05-02
Updated
2019-12-17
Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 stores cleartext passwords in (1) IDEConnections.xml, (2) XSQLConfig.xml and (3) settings.xml, which allows local users to obtain sensitive information.
Max CVSS
2.1
EPSS Score
0.09%
Published
2005-07-18
Updated
2017-07-11
Oracle Forms 4.5, 6.0, 6i, and 9i on Unix, when a large number of records are retrieved by an Oracle form, stores a copy of the database tables in a world-readable temporary file, which allows local users to gain sensitive information such as credit card numbers.
Max CVSS
2.1
EPSS Score
0.09%
Published
2005-07-18
Updated
2017-07-11
MySQL 5.0.18 allows local users with access to a VIEW to obtain sensitive information via the "SELECT * FROM information_schema.views;" query, which returns the query that created the VIEW. NOTE: this issue has been disputed by third parties, saying that the availability of the schema is a normal and sometimes desired aspect of database access
Max CVSS
2.1
EPSS Score
0.06%
Published
2006-01-22
Updated
2024-03-21
Oracle Database 9.2.0.0 to 10.2.0.3 allows local users with "SELECT" privileges for a base table to insert, update, or delete data by creating a crafted view then performing the operations on that view.
Max CVSS
2.1
EPSS Score
73.74%
Published
2006-04-11
Updated
2018-10-18
Off-by-one buffer overflow in the Instance_options::complete_initialization function in instance_options.cc in the Instance Manager in MySQL before 5.0.23 and 5.1 before 5.1.12 might allow local users to cause a denial of service (application crash) via unspecified vectors, which triggers the overflow when the convert_dirname function is called. NOTE: the vendor has disputed this issue via e-mail to CVE, saying that it is only exploitable when the user has access to the configuration file or the Instance Manager daemon. Due to intended functionality, this level of access would already allow the user to disrupt program operation, so this does not cross security boundaries and is not a vulnerability
Max CVSS
2.1
EPSS Score
0.10%
Published
2006-07-10
Updated
2024-03-21
MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy.
Max CVSS
2.1
EPSS Score
0.10%
Published
2006-08-09
Updated
2019-12-17
Unspecified vulnerability in Oracle Single Sign-On component in Oracle Application Server 10.1.2.0.1 and Collaboration Suite 10.1.2 has unknown impact and remote attack vectors, aka Vuln# SSO02.
Max CVSS
2.6
EPSS Score
0.57%
Published
2006-10-18
Updated
2018-10-17
Unspecified vulnerability in Oracle Containers for J2EE component in Oracle Application Server 9.0.4.1 and 10.1.2.0.2, and Collaboration Suite 10.1.2, has unknown impact and remote authenticated attack vectors, aka Vuln# OC4J05.
Max CVSS
2.1
EPSS Score
0.17%
Published
2006-10-18
Updated
2018-10-17
Unspecified vulnerability in Oracle Application Server 10.1.2.0.2 and 10.1.3.0, and Collaboration Suite 10.1.2, has unknown impact and attack vectors related to Containers for J2EE, aka OC4J07.
Max CVSS
2.6
EPSS Score
0.32%
Published
2007-01-17
Updated
2017-07-29
Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.13, 8.47.11, and 8.48.06 has unknown impact and attack vectors in PeopleTools, aka PSE02.
Max CVSS
2.1
EPSS Score
0.09%
Published
2007-01-17
Updated
2017-07-29
MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort function.
Max CVSS
2.1
EPSS Score
0.05%
Published
2007-03-12
Updated
2019-12-17
Unspecified vulnerability in the Oracle JDeveloper component in Oracle Application Server 10.1.2.2 allows local users to affect confidentiality via unknown vectors.
Max CVSS
2.1
EPSS Score
0.06%
Published
2008-10-14
Updated
2017-08-08
Unspecified vulnerability in the Oracle JDeveloper component in Oracle Application Server 10.1.2.3 allows local users to affect confidentiality via unknown vectors.
Max CVSS
2.1
EPSS Score
0.06%
Published
2009-01-14
Updated
2012-10-23
230 vulnerabilities found
1 2 3 4 5 6 7 8 9 10
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!