The oratclsh interpreter in Oracle 8.x Intelligent Agent for Unix allows local users to execute Tcl commands as root.
Max CVSS: 4.6 | EPSS Score: 0.04% | Published: 1999-04-29 | Updated: 2016-10-18
dbsnmp in Oracle Intelligent Agent allows local users to gain privileges by setting the ORACLE_HOME environmental variable, which dbsnmp uses to find the nmiconf.tcl script.
Max CVSS: 4.6 | EPSS Score: 0.04% | Published: 1999-08-16 | Updated: 2008-09-09
mysqld in MySQL 3.21 creates log files with world-readable permissions, which allows local users to obtain passwords for users who are added to the user database.
Max CVSS: 4.6 | EPSS Score: 0.06% | Published: 1998-12-27 | Updated: 2019-10-07
Oracle Database Assistant 1.0 in Oracle 8.0.3 Enterprise Edition stores the database master password in plaintext in the spoolmain.log file when a new database is created, which allows local users to obtain the password from that file.
Max CVSS: 4.6 | EPSS Score: 0.06% | Published: 1999-03-04 | Updated: 2017-12-19
Buffer overflow in Oracle 8.1.5 applications such as names, namesctl, onrsd, osslogin, tnslsnr, tnsping, trcasst, and trcroute possibly allows local users to gain privileges via a long ORACLE_HOME environmental variable.
Max CVSS: 4.6 | EPSS Score: 0.07% | Published: 2000-12-19 | Updated: 2017-12-19
Buffer overflow in oidldapd in Oracle 8.1.6 allows local users to gain privileges via a long "connect" command line parameter.
Max CVSS: 4.6 | EPSS Score: 0.05% | Published: 2000-12-19 | Updated: 2017-12-19
Buffer overflow in cmctl program in Oracle 8.1.5 Connection Manager Control allows local users to gain privileges via a long command line argument.
Max CVSS: 4.6 | EPSS Score: 0.05% | Published: 2001-01-09 | Updated: 2018-05-03
Directory traversal vulnerability in MySQL before 3.23.36 allows local users to modify arbitrary files and gain privileges by creating a database whose name starts with .. (dot dot).
Max CVSS: 4.6 | EPSS Score: 0.04% | Published: 2001-06-27 | Updated: 2019-10-07
Unknown vulnerability in Oracle Label Security in Oracle 8.1.7 and 9.0.1, when audit functionality, SET_LABEL, or SQL*Predicate is being used, allows local users to gain additional access.
Max CVSS: 4.6 | EPSS Score: 0.06% | Published: 2001-12-06 | Updated: 2016-10-18
Buffer overflow in dbsnmp in Oracle 8.0.6 through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment variable.
Max CVSS: 4.6 | EPSS Score: 0.05% | Published: 2001-11-30 | Updated: 2017-07-11
dbsnmp in Oracle 8.1.6 and 8.1.7 uses the ORACLE_HOME environment variable to find and execute the dbsnmp program, which allows local users to execute arbitrary programs by pointing the ORACLE_HOME to an alternate directory that contains a malicious version of dbsnmp.
Max CVSS: 4.6 | EPSS Score: 0.06% | Published: 2001-11-29 | Updated: 2017-07-11
WinMySQLadmin 1.1 stores the MySQL password in plain text in the my.ini file, which allows local users to obtain unauthorized access to the MySQL database.
Max CVSS: 4.6 | EPSS Score: 0.06% | Published: 2001-10-02 | Updated: 2019-10-07
An installer program for Oracle9iAS Web Cache 2.0.0.x creates executable and configuration files with insecure permissions, which allows local users to gain privileges by (1) running webcached or (2) obtaining the administrator password from webcache.xml.
Max CVSS: 4.6 | EPSS Score: 0.07% | Published: 2002-03-25 | Updated: 2016-10-18
Cross-site scripting (XSS) vulnerability in the htp PL/SQL package for Oracle 9i Application Server (9iAS) allows remote attackers to inject arbitrary web script or HTML via the cbuf parameter to htp.print.
Max CVSS: 4.3 | EPSS Score: 0.16% | Published: 2002-12-31 | Updated: 2017-07-11
Multiple components in Oracle 9i Application Server (9iAS) are installed with over 160 default usernames and passwords, including (1) SYS, (2) SYSTEM, (3) AQJAVA, (4) OWA, (5) IMAGEUSER, (6) USER1, (7) USER2, (8) PLSQL, (9) DEMO, (10) FINANCE, and many others, which allows attackers to gain privileges.
Max CVSS: 4.6 | EPSS Score: 0.05% | Published: 2002-02-26 | Updated: 2017-07-11
Cross-site scripting (XSS) vulnerability in Oracle Java Server Page (OJSP) demo files (1) hellouser.jsp, (2) welcomeuser.jsp and (3) usebean.jsp in Oracle 9i Application Server 9.0.2, 1.0.2.2, 1.0.2.1s and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the text entry field.
Max CVSS: 4.3 | EPSS Score: 0.14% | Published: 2002-12-31 | Updated: 2008-09-05
Buffer overflow in the (1) oracle and (2) oracleO programs in Oracle 9i Database 9.0.x and 9.2.x before 9.2.0.4 allows local users to execute arbitrary code via a long command line argument.
Max CVSS: 4.6 | EPSS Score: 0.08% | Published: 2003-11-17 | Updated: 2017-07-11
The WebCache component in Oracle Files 9.0.3.1.0, 9.0.3.2.0, and 9.0.3.3.0 of Oracle Collaboration Suite Release 1 caches files despite the cacheability rules imposed by Oracle Files, which allows local users to gain access.
Max CVSS: 4.6 | EPSS Score: 0.06% | Published: 2003-10-28 | Updated: 2017-07-11
Stack-based buffer overflow in the mysql_real_connect function in the MySQL client library (libmysqlclient) 4.0.13 and earlier allows local users to execute arbitrary code via a long socket name, a different vulnerability than CVE-2001-1453.
Max CVSS: 4.0 | EPSS Score: 0.14% | Published: 2003-12-31 | Updated: 2019-10-07
MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, which makes it easier for attackers to decrypt the password via brute force methods.
Max CVSS: 4.3 | EPSS Score: 2.25% | Published: 2003-12-31 | Updated: 2019-12-17
The mysqlhotcopy script in MySQL 4.0.20 and earlier, when using the scp method from the mysql-server package, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
Max CVSS: 4.6 | EPSS Score: 0.06% | Published: 2004-09-28 | Updated: 2019-12-17
Extproc in Oracle 9i and 10g does not require authentication to load a library or execute a function, which allows local users to execute arbitrary commands as the Oracle user.
Max CVSS: 4.6 | EPSS Score: 0.05% | Published: 2004-08-04 | Updated: 2017-07-11
Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges.
Max CVSS: 4.6 | EPSS Score: 0.05% | Published: 2004-08-04 | Updated: 2017-07-11
Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SYS or SYSTEM accounts, which may have been installed with the same password.
Max CVSS: 4.4 | EPSS Score: 0.05% | Published: 2004-08-04 | Updated: 2016-10-18
Oracle TopLink Mapping Workbench uses a weak encryption algorithm for passwords, which allows local users to decrypt the passwords.
Max CVSS: 4.6 | EPSS Score: 0.04% | Published: 2004-01-28 | Updated: 2018-10-19
2076 vulnerabilities found