ReportizFlow
Filtered by vendor Oracle
Subscriptions
Total
10433 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-2347 | 1 Oracle | 1 Application Server | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Oracle Java Server Page (OJSP) demo files (1) hellouser.jsp, (2) welcomeuser.jsp and (3) usebean.jsp in Oracle 9i Application Server 9.0.2, 1.0.2.2, 1.0.2.1s and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the text entry field. | ||||
| CVE-2005-2573 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2026-04-16 | N/A |
| The mysql_create_function function in sql_udf.cc for MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta, when running on Windows, uses an incomplete blacklist in a directory traversal check, which allows attackers to include arbitrary files via the backslash (\) character. | ||||
| CVE-2005-3463 | 1 Oracle | 1 Peoplesoft Enterprise | 2026-04-16 | N/A |
| Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.44 up to 8.46.03 has unknown impact and attack vectors, as identified by Oracle Vuln# PSE03. | ||||
| CVE-2002-2153 | 1 Oracle | 1 Application Server | 2026-04-16 | N/A |
| Format string vulnerability in the administrative pages of the PL/SQL module for Oracle Application Server 4.0.8 and 4.0.8 2 allows remote attackers to execute arbitrary code. | ||||
| CVE-2000-1236 | 1 Oracle | 1 Application Server | 2026-04-16 | N/A |
| SQL injection vulnerability in mod_sql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the query string of the URL. | ||||
| CVE-2006-1882 | 1 Oracle | 1 E-business Suite | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10 have unknown impact and attack vectors, as identified by Vuln# (1) APPS03 in (a) iProcurement; (2) APPS04 in (b) Oracle Application Object Library; (3) APPS06, (4) APPS07, and (5) APPS08 in (c) Oracle Applications Technology Stack; and (6) APPS11 in (d) Oracle Order Capture. | ||||
| CVE-2006-0270 | 1 Oracle | 1 Database Server | 2026-04-16 | N/A |
| Unspecified vulnerability in the Transparent Data Encryption (TDE) Wallet component of Oracle Database server 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB27. NOTE: Oracle has not disputed a reliable researcher report that TDA stores the master key without encryption, which allows local users to obtain the key via the SGA. | ||||
| CVE-2006-1874 | 1 Oracle | 1 Database Server | 2026-04-16 | N/A |
| Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, and 9.2.0.6 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB09. NOTE: Oracle has not disputed reliable claims that this issue is SQL injection in MDSYS.PRVT_IDX using the (1) EXECUTE_INSERT, (2) EXECUTE_DELETE, (3) EXECUTE_UPDATE, (4) EXECUTE UPDATE, and (5) CRT_DUMMY functions. | ||||
| CVE-2006-2753 | 3 Mysql, Oracle, Redhat | 3 Mysql, Mysql, Enterprise Linux | 2026-04-16 | N/A |
| SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape function is used to escape the input. | ||||
| CVE-2005-3202 | 1 Oracle | 1 Html Db | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 allow remote attackers to inject arbitrary web script or HTML, and subsequently execute SQL statements via the (1) p or (2) p_t02 parameters. | ||||
| CVE-2002-1375 | 3 Oracle, Redhat, Symantec Veritas | 5 Mysql, Enterprise Linux, Linux and 2 more | 2026-04-16 | N/A |
| The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers to execute arbitrary code via a long response. | ||||
| CVE-2005-3448 | 1 Oracle | 1 Application Server | 2026-04-16 | N/A |
| Unspecified vulnerability in the OC4J Module in Oracle Application Server 9.0 up to 10.1.2.0.2 has unknown impact and attack vectors, as identified by Oracle Vuln# AS01. | ||||
| CVE-2004-1339 | 1 Oracle | 2 Database Server, Oracle9i | 2026-04-16 | N/A |
| SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1 and (2) MDSYS.SDO_LRS_TRIG_INS default triggers in Oracle 9i and 10g allows remote attackers to execute arbitrary SQL commands via the new.table_name or new.column_name parameters. | ||||
| CVE-2002-0565 | 1 Oracle | 3 Application Server, Application Server Web Cache, Oracle9i | 2026-04-16 | N/A |
| Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with world-readable permissions under the web root, which allows remote attackers to obtain sensitive information derived from the JSP code, including usernames and passwords, via a direct HTTP request to _pages. | ||||
| CVE-2003-0222 | 1 Oracle | 3 Database Server, Oracle8i, Oracle9i | 2026-04-16 | N/A |
| Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a "CREATE DATABASE LINK" query containing a connect string with a long USING parameter. | ||||
| CVE-2005-0701 | 1 Oracle | 1 Database Server | 2026-04-16 | N/A |
| Directory traversal vulnerability in Oracle Database Server 8i and 9i allows remote attackers to read or rename arbitrary files via "\\.\\.." (modified dot dot backslash) sequences to UTL_FILE functions such as (1) UTL_FILE.FOPEN or (2) UTL_FILE.frename. | ||||
| CVE-2006-0548 | 1 Oracle | 1 Database Server | 2026-04-16 | N/A |
| SQL injection vulnerability in the Oracle Text component of Oracle Database 10g, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that this issue has been addressed by Oracle. It is possible that this is the same issue as Oracle Vuln# DB15 from the January 2006 CPU, in which case this would be subsumed by CVE-2006-0260. | ||||
| CVE-1999-1188 | 1 Oracle | 1 Mysql | 2026-04-16 | N/A |
| mysqld in MySQL 3.21 creates log files with world-readable permissions, which allows local users to obtain passwords for users who are added to the user database. | ||||
| CVE-2003-0727 | 1 Oracle | 1 Database Server | 2026-04-16 | N/A |
| Multiple buffer overflows in the XML Database (XDB) functionality for Oracle 9i Database Release 2 allow local users to cause a denial of service or hijack user sessions. | ||||
| CVE-2003-0894 | 1 Oracle | 1 Oracle9i | 2026-04-16 | N/A |
| Buffer overflow in the (1) oracle and (2) oracleO programs in Oracle 9i Database 9.0.x and 9.2.x before 9.2.0.4 allows local users to execute arbitrary code via a long command line argument. | ||||