Oracle Application Server — known CVE vulnerabilities
Every CVE whose affected-product data names Oracle Application Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (198)
CVE-2006-0285 — CVSS 10.0 (critical): Unspecified vulnerability in the Java Net component of Oracle Database Server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, and 10.1.0.4, and…
CVE-2005-3446 — CVSS 10.0 (critical): Unspecified vulnerability in Internet Directory in Oracle Database Server 9i up to 9.2.0.6 and Application Server 9.0.2.3 up to 10.1.2.0…
CVE-2005-3448 — CVSS 10.0 (critical): Unspecified vulnerability in the OC4J Module in Oracle Application Server 9.0 up to 10.1.2.0.2 has unknown impact and attack vectors, as…
CVE-2005-3449 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in Oracle Application Server 9.0 up to 10.1.2.0 have unknown impact and attack vectors, as identified…
CVE-2005-3450 — CVSS 10.0 (critical): Unspecified vulnerability in the HTTP Server in Oracle Application Server 1.0 up to 9.0.2.3 has unknown impact and attack vectors, as…
CVE-2005-3451 — CVSS 10.0 (critical): Unspecified vulnerability in SQL*ReportWriter in Oracle Application Server 9.0 up to 9.0.2.1 has unknown impact and attack vectors, as…
CVE-2005-3452 — CVSS 10.0 (critical): Unspecified vulnerability in Web Cache in Oracle Application Server 1.0 up to 9.0.4.2 has unknown impact and attack vectors, as identified…
CVE-2005-3453 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in Web Cache in Oracle Application Server 1.0 up to 10.1.2.0 has unknown impact and attack vectors, as…
CVE-2006-0273 — CVSS 10.0 (critical): Unspecified vulnerability in the Portal component of Oracle Application Server 9.0.4.2 and 10.1.2.0 has unspecified impact and attack…
CVE-2006-0274 — CVSS 10.0 (critical): Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9.0.4.2 and 10.1.2.0.2 has unspecified…
CVE-2006-5353 — CVSS 10.0 (critical): Unspecified vulnerability in Oracle HTTP Server component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, and…
CVE-2006-0282 — CVSS 10.0 (critical): Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, and 10.1.0.5, Application Server 1.0.2.2…
CVE-2006-0283 — CVSS 10.0 (critical): Unspecified vulnerability in Oracle Database Server 10.1.0.4.2, Application Server 10.1.2.0.2, and Collaboration Suite Release 2, version…
CVE-2006-0284 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in Oracle Application Server 9.0.4.2 and 10.1.2.0.2, and E-Business Suite and Applications 11.5.10…
CVE-2005-3445 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in HTTP Server in Oracle Database Server 8i up to 10.1.0.4.2 and Application Server 1.0.2.2 up to…
CVE-2006-0286 — CVSS 10.0 (critical): Unspecified vulnerability in the Oracle HTTP Server component of Oracle Database Server 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, and 10.1.0.5, and…
CVE-2006-0287 — CVSS 10.0 (critical): Unspecified vulnerability in the Oracle HTTP Server component of Oracle Database Server 10.1.0.5 and Application Server 10.1.2.0.2 has…
CVE-2006-0288 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the Oracle Reports Developer component of Oracle Application Server 9.0.4.1 and E-Business Suite…
CVE-2006-0289 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in Oracle Application Server 6.0.8.26(PS17) and E-Business Suite and Applications 11.5.10 have…
CVE-2006-0290 — CVSS 10.0 (critical): Unspecified vulnerability in Oracle Database Server 9.2.0.7, Application Server 9.0.4.2 and 10.1.2.1, Collaboration Suite Release 2…
CVE-2006-0291 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in Oracle Database Server 10.2.0.1, Application Server 9.0.4.2 and 10.1.2.1, Collaboration Suite…
CVE-2008-0340 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and…
CVE-2006-5359 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in Oracle Reports Developer component in Oracle Application Server 9.0.4.3 and 10.1.2.0.2, and Oracle…
CVE-2006-5358 — CVSS 10.0 (critical): Unspecified vulnerability in Oracle Forms component in Oracle Application Server 9.0.4.3 and 10.1.2.0.2 has unknown impact and remote…
CVE-2006-5357 — CVSS 10.0 (critical): Unspecified vulnerability in Oracle HTTP Server component in Oracle Application Server 10.1.2.0.1, 10.1.2.0.2, and 10.1.2.1.0 has unknown…
CVE-2008-0349 — CVSS 10.0 (critical): Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.15 and 8.49.07 has…
CVE-2008-0343 — CVSS 10.0 (critical): Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 has unknown…
CVE-2006-5356 — CVSS 10.0 (critical): Unspecified vulnerability in Oracle Containers for J2EE component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.1.0, and…
CVE-2006-5355 — CVSS 10.0 (critical): Unspecified vulnerability in Oracle Single Sign-On component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.1.0…
CVE-2006-5354 — CVSS 10.0 (critical): Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and 10.1.0.5, Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0…
CVE-2008-0348 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.18…
CVE-2006-1884 — CVSS 10.0 (critical): Unspecified vulnerability in the Oracle Thesaurus Management System component in Oracle E-Business Suite and OPA 4.5.2 Applications has…
CVE-2006-3710 — CVSS 10.0 (critical): Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3, 9.0.3.1, 9.0.4.2, and 10.1.2.0.0 has unknown impact and attack…
CVE-2006-3708 — CVSS 10.0 (critical): Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3, 9.0.3.1, 9.0.4.2, 10.1.2.0.2, and 10.1.2.1 has unknown impact and…
CVE-2008-0347 — CVSS 10.0 (critical): Unspecified vulnerability in the Oracle Ultra Search component in Oracle Collaboration Suite 10.1.2; Database 9.2.0.8, 10.1.0.5, and…
CVE-2007-5531 — CVSS 10.0 (critical): Unspecified vulnerability in Oracle Help for Web, as used in Oracle Application Server, Oracle Database 10.2.0.3, and Enterprise Manager…
CVE-2008-0346 — CVSS 10.0 (critical): Unspecified vulnerability in the Oracle Jinitiator component in Oracle Application Server 1.3.1.27 and E-Business Suite 11.5.10.2 has…
CVE-2007-5526 — CVSS 10.0 (critical): Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.0.2, 10.1.2.2, and 10.1.4.1, and Collaboration…
CVE-2007-2124 — CVSS 10.0 (critical): Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.4.1.0 has unknown impact and remote attack vectors, aka…
CVE-2007-2123 — CVSS 10.0 (critical): Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.3 up to 10.1.3.2.0, 10.1.2 up to 10.1.2.2.0, and…
CVE-2007-2122 — CVSS 10.0 (critical): Unspecified vulnerability in the Wireless component in Oracle Application Server 9.0.4.3 has unknown impact and attack vectors, aka AS03.
CVE-2008-0345 — CVSS 10.0 (critical): Unspecified vulnerability in the Core RDBMS component in Oracle Database 11.1.0.6 has unknown impact and remote attack vectors, aka DB08.
CVE-2008-0344 — CVSS 10.0 (critical): Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and remote attack…
CVE-2007-2121 — CVSS 10.0 (critical): Unspecified vulnerability in the COREid Access component in Oracle Application Server 7.0.4.4 has unknown impact and attack vectors, aka…
CVE-2008-1812 — CVSS 10.0 (critical): Unspecified vulnerability in the Oracle Enterprise Manager component in Oracle Database 9.0.1.5 FIPS+; Application Server 1.0.2.2; and…
CVE-2006-5366 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in Oracle Collaboration Suite 9.0.4.2 have unknown impact and remote attack vectors related to (1)…
CVE-2006-5365 — CVSS 10.0 (critical): Unspecified vulnerability in Oracle Forms in Oracle Application Server 9.0.4.3 and 10.1.2.0.2, and E-Business Suite and Applications…
CVE-2006-5362 — CVSS 10.0 (critical): Unspecified vulnerability in Oracle Containers for J2EE component in Oracle Application Server 10.1.3.0.0 has unknown impact and remote…
CVE-2008-1824 — CVSS 10.0 (critical): Unspecified vulnerability in the Oracle Dynamic Monitoring Service component in Oracle Application Server 9.0.4.3, 10.1.2.2, and 10.1.3.3…
CVE-2006-5361 — CVSS 10.0 (critical): Unspecified vulnerability in Oracle Containers for J2EE in Oracle Application Server 9.0.4.3, 10.1.2.0.0, and 10.1.2.0.1, and Oracle…
CVE-2006-5360 — CVSS 10.0 (critical): Unspecified vulnerability in Oracle Forms component in Oracle Application Server 9.0.4.2 has unknown impact and remote attack vectors, aka…
CVE-2004-1363 — CVSS 9.8 (critical): Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name…
CVE-2008-7233 — CVSS 9.3 (critical): Unspecified vulnerability in the E-Business Application client, as used in Oracle Application Server 1.1.8.26 and E-Business Suite…
CVE-2008-1814 — CVSS 9.0 (critical): Unspecified vulnerability in the Oracle Secure Enterprise Search or Ultrasearch component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8…
CVE-2007-2130 — CVSS 9.0 (critical): Unspecified vulnerability in Workflow Cartridge, as used in Oracle Database Server 9.2.0.1, 10.1.0.2, and 10.2.0.1; Application Server…
CVE-2004-1371 — CVSS 9.0 (critical): Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a…
CVE-2004-1364 — CVSS 8.5 (high): Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the…
CVE-2007-2120 — CVSS 7.8 (high): The Oracle Discoverer servlet in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to shut down an…
CVE-2004-1368 — CVSS 7.8 (high): ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file…
CVE-2020-1967 — CVSS 7.5 (high): Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer…
CVE-2000-1236 — CVSS 7.5 (high): SQL injection vulnerability in mod_sql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allows remote attackers to execute…
CVE-2001-0326 — CVSS 7.5 (high): Oracle Java Virtual Machine (JVM ) for Oracle 8.1.7 and Oracle Application Server 9iAS Release 1.0.2.0.1 allows remote attackers to read…
CVE-2001-0419 — CVSS 7.5 (high): Buffer overflow in shared library ndwfn4.so for iPlanet Web Server (iWS) 4.1, when used as a web listener for Oracle application server…
CVE-2001-0591 — CVSS 7.5 (high): Directory traversal vulnerability in Oracle JSP 1.0.x through 1.1.1 and Oracle 8.1.7 iAS Release 1.0.2 can allow a remote attacker to read…
CVE-2001-1216 — CVSS 7.5 (high): Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long…
CVE-2001-1371 — CVSS 7.5 (high): The default configuration of Oracle Application Server 9iAS 1.0.2.2 enables SOAP and allows anonymous users to deploy applications by…
CVE-2002-0559 — CVSS 7.5 (high): Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote attackers to cause a denial of service or…
CVE-2002-0561 — CVSS 7.5 (high): The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null…
CVE-2002-0564 — CVSS 7.5 (high): PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to bypass authentication for a Database Access…
CVE-2002-0569 — CVSS 7.5 (high): Oracle 9i Application Server allows remote attackers to bypass access restrictions for configuration files via a direct request to the XSQL…
CVE-2002-0655 — CVSS 7.5 (high): OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms…
CVE-2002-0656 — CVSS 7.5 (high): Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a…
CVE-2002-0842 — CVSS 7.5 (high): Format string vulnerability in certain third party modifications to mod_dav for logging bad gateway messages (e.g. Oracle9i Application…
CVE-2002-0843 — CVSS 7.5 (high): Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a…
CVE-2002-0947 — CVSS 7.5 (high): Buffer overflow in rwcgi60 CGI program for Oracle Reports Server 6.0.8.18.0 and earlier, as used in Oracle9iAS and other products, allows…
CVE-2002-1630 — CVSS 7.5 (high): The sendmail.jsp sample page in Oracle 9i Application Server (9iAS) allows remote attackers to send arbitrary emails.
CVE-2002-1631 — CVSS 7.5 (high): SQL injection vulnerability in the query.xsql sample page in Oracle 9i Application Server (9iAS) allows remote attackers to execute…
CVE-2002-2153 — CVSS 7.5 (high): Format string vulnerability in the administrative pages of the PL/SQL module for Oracle Application Server 4.0.8 and 4.0.8 2 allows remote…
CVE-2002-2345 — CVSS 7.5 (high): Oracle 9i Application Server 9.0.2 stores the web cache administrator interface password in plaintext, which allows remote attackers to…
CVE-2004-1362 — CVSS 7.5 (high): The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform…
CVE-2004-1370 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to…
CVE-2005-1383 — CVSS 7.5 (high): The OHS component 1.0.2 through 10.x, when UseWebcacheIP is disabled, in Oracle Application Server allows remote attackers to bypass HTTP…
CVE-2005-1495 — CVSS 7.5 (high): Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the SYS user executes a SELECT statement on an FGA object, which makes…
CVE-2006-0435 — CVSS 7.5 (high): Unspecified vulnerability in Oracle PL/SQL (PLSQL), as used in Database Server DS 9.2.0.7 and 10.1.0.5, Application Server 1.0.2.2…
CVE-2006-0552 — CVSS 7.5 (high): Unspecified vulnerability in the Net Listener component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, and 9.2.0.7 has…
CVE-2006-0586 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in Oracle 10g Release 1 before CPU Jan 2006 allow remote attackers to execute arbitrary SQL commands…
CVE-2007-0280 — CVSS 7.5 (high): Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.2, and 10.1.2.2; and…
CVE-2007-3859 — CVSS 7.5 (high): Unspecified vulnerability in the Oracle Internet Directory component for Oracle Database 9.2.0.8 and 9.2.0.8DV; Application Server 9.0.4.3…
CVE-2007-3861 — CVSS 7.5 (high): Unspecified vulnerability in Oracle Jdeveloper in Oracle Application Server 10.1.2.2 and Collaboration Suite 10.1.2 allows…
CVE-2007-3862 — CVSS 7.5 (high): Unspecified vulnerability in Oracle Application Server 9.0.4.3 and 10.1.2.0.2 allows remote attackers to have an unknown impact via Oracle…
CVE-2007-3863 — CVSS 7.5 (high): Unspecified vulnerability in Oracle JDeveloper for Application Server 10.1.2.2 and 10.1.3.1, and Collaboration Suite 10.1.2, allows…
CVE-2007-5516 — CVSS 7.5 (high): Unspecified vulnerability in the Oracle Process Mgmt & Notification component in Oracle Application Server 10.1.3.3 has unknown impact and…
CVE-2007-5517 — CVSS 7.5 (high): Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.0.2 and 10.1.4.1, and Collaboration Suite…
CVE-2007-5518 — CVSS 7.5 (high): Unspecified vulnerability in the Oracle HTTP Server component in Oracle Application Server 10.1.3.2 has unknown impact and remote attack…
CVE-2007-5519 — CVSS 7.5 (high): Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3 and 10.1.2.0.2, and Collaboration Suite…
CVE-2007-5520 — CVSS 7.5 (high): Unspecified vulnerability in the Oracle Internet Directory component in Oracle Database 9.2.0.8 and 9.2.0.8DV, and Oracle Application…
CVE-2007-5521 — CVSS 7.5 (high): Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.2, and…
CVE-2007-5522 — CVSS 7.5 (high): Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.4.1 has unknown impact and remote attack…
CVE-2007-5523 — CVSS 7.5 (high): Unspecified vulnerability in the Oracle Internet Directory component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.2, and…
CVE-2007-5524 — CVSS 7.5 (high): Unspecified vulnerability in the Oracle Single Sign-On component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2, and…
CVE-2007-5525 — CVSS 7.5 (high): Unspecified vulnerability in the Oracle Single Sign-On component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.2, and…
CVE-2009-0993 — CVSS 7.5 (high): Unspecified vulnerability in the OPMN component in Oracle Application Server 10.1.2.3 allows remote attackers to affect confidentiality…
CVE-2000-0169 — CVSS 7.5 (high): Batch files in the Oracle web listener ows-bin directory allow remote attackers to execute commands via a malformed URL that includes '?&'.
CVE-2004-1774 — CVSS 7.2 (high): Buffer overflow in the SDO_CODE_SIZE procedure of the MD2 package (MDSYS.MD2.SDO_CODE_SIZE) in Oracle 10g before 10.1.0.2 Patch 2 allows…
CVE-2004-1707 — CVSS 7.2 (high): The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and…
CVE-2007-2119 — CVSS 6.8 (medium): Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in the Administration Front End for Oracle Enterprise (Ultra) Search, as…
CVE-2008-7234 — CVSS 6.8 (medium): Unspecified vulnerability in the Oracle BPEL Worklist Application component in Oracle Application Server 10.1.2.2 and 10.1.3.3 allows…
CVE-2002-0840 — CVSS 6.8 (medium): Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when…
CVE-2007-0284 — CVSS 6.4 (medium): Multiple unspecified vulnerabilities in Oracle Application Server 9.0.4.3 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2, have unknown…
CVE-2008-2609 — CVSS 6.4 (medium): Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3, 10.1.2.3, and 10.1.4.2 has unknown impact…
CVE-2007-0289 — CVSS 6.4 (medium): Multiple unspecified vulnerabilities in Oracle Collaboration Suite 9.0.4.2 have unknown impact and attack vectors related to Oracle…
CVE-2002-1632 — CVSS 6.4 (medium): Oracle 9i Application Server (9iAS) installs multiple sample pages that allow remote attackers to obtain environment variables and other…
CVE-2008-2589 — CVSS 6.4 (medium): Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3, 10.1.2.2, and 10.1.4.1 has unknown impact…
CVE-2018-0735 — CVSS 5.9 (medium): The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in…
CVE-2009-0989 — CVSS 5.5 (medium): Unspecified vulnerability in the BI Publisher component in Oracle Application Server 5.6.2, 10.1.3.2.1, and 10.1.3.3.3 allows remote…
CVE-2009-0990 — CVSS 5.5 (medium): Unspecified vulnerability in the BI Publisher component in Oracle Application Server 5.6.2, 10.1.3.2.1, and 10.1.3.3.3 allows remote…
CVE-2007-3854 — CVSS 5.5 (medium): Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 allow remote authenticated users to have unknown…
CVE-2008-4014 — CVSS 5.5 (medium): Unspecified vulnerability in the Oracle BPEL Process Manager component in Oracle Application Server allows remote authenticated users to…
CVE-2004-1369 — CVSS 5.0 (medium): The TNS Listener in Oracle 10g allows remote attackers to cause a denial of service (listener crash) via a malformed service_register_NSGR…
CVE-2008-3977 — CVSS 5.0 (medium): Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3 and 10.1.2.3 allows remote attackers to…
CVE-2002-1858 — CVSS 5.0 (medium): Oracle Oracle9i Application Server 1.0.2.2 and 9.0.2 through 9.0.2.0.1, when running on Windows, allows remote attackers to retrieve files…
CVE-2002-1635 — CVSS 5.0 (medium): The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a…
CVE-2007-0222 — CVSS 5.0 (medium): Directory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to…
CVE-2008-4017 — CVSS 5.0 (medium): Unspecified vulnerability in the OC4J component in Oracle Application Server 10.1.2.3 allows remote attackers to affect confidentiality via…
CVE-2000-1235 — CVSS 5.0 (medium): The default configurations of (1) the port listener and (2) modplsql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allow…
CVE-2006-0275 — CVSS 5.0 (medium): Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9.0.4.2 has unspecified impact and attack…
CVE-2006-3714 — CVSS 5.0 (medium): Unspecified vulnerability in OC4J for Oracle Application Server 10.1.2.0.2 and 10.1.2.1 has unknown impact and attack vectors, aka Oracle…
CVE-2001-1217 — CVSS 5.0 (medium): Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access…
CVE-2002-1089 — CVSS 5.0 (medium): rwcgi60 CGI program in Oracle Reports Server, by design, provides sensitive information such as the full pathname, which could enable…
CVE-2007-0285 — CVSS 5.0 (medium): Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 9.0.4.2 and 10.1.2; and…
CVE-2002-0659 — CVSS 5.0 (medium): The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via…
CVE-2002-0566 — CVSS 5.0 (medium): PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to cause a denial of service (crash) via an HTTP…
CVE-2002-0565 — CVSS 5.0 (medium): Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with world-readable permissions under the web root, which allows remote…
CVE-2002-0563 — CVSS 5.0 (medium): The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to access sensitive services without…
CVE-2002-0562 — CVSS 5.0 (medium): The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which…
CVE-2002-0560 — CVSS 5.0 (medium): PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to obtain sensitive information via the OWA_UTIL…
CVE-2002-0386 — CVSS 5.0 (medium): The administration module for Oracle Web Cache in Oracle9iAS (9i Application Suite) 9.0.2 allows remote attackers to cause a denial of…
CVE-2001-1372 — CVSS 5.0 (medium): Oracle 9i Application Server 1.0.2 allows remote attackers to obtain the physical path of a file under the server root via a request for a…
CVE-2009-0217 — CVSS 5.0 (medium): The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle…
CVE-2006-3712 — CVSS 5.0 (medium): Unspecified vulnerability in OC4J for Oracle Application Server 9.0.4.2 and 10.1.2.0.0 has unknown impact and attack vectors, aka Oracle…
CVE-2008-3975 — CVSS 5.0 (medium): Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3 and 10.1.2.3 allows remote attackers to…
CVE-2006-3706 — CVSS 5.0 (medium): Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3 has unknown impact and attack vectors, aka Oracle Vuln# AS01.
CVE-2007-0281 — CVSS 5.0 (medium): Multiple unspecified vulnerabilities in Oracle HTTP Server 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3…
CVE-2006-3709 — CVSS 5.0 (medium): Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3, 9.0.3.1, and 10.1.2.0.0 has unknown impact and attack vectors, aka…
CVE-2010-0066 — CVSS 5.0 (medium): Unspecified vulnerability in the Access Manager Identity Server component in Oracle Application Server 7.0.4.3 and 10.1.4.2 allows remote…
CVE-2010-0067 — CVSS 5.0 (medium): Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 10.1.2.3 and 10.1.3.4 allows remote…
CVE-2004-2244 — CVSS 5.0 (medium): The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and 9.0.3.1, 9.0.2.3 and earlier, and Release 1 1.0.2.2 and 1.0.2.2.2, and…
CVE-2018-5407 — CVSS 4.7 (medium): Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel…
CVE-2005-1496 — CVSS 4.6 (medium): The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE JOB privileges to gain additional privileges by changing SESSION_USER…
CVE-2004-1365 — CVSS 4.6 (medium): Extproc in Oracle 9i and 10g does not require authentication to load a library or execute a function, which allows local users to execute…
CVE-2004-2134 — CVSS 4.6 (medium): Oracle toplink mapping workBench uses a weak encryption algorithm for passwords, which allows local users to decrypt the passwords.
CVE-2002-1637 — CVSS 4.6 (medium): Multiple components in Oracle 9i Application Server (9iAS) are installed with over 160 default usernames and passwords, including (1) SYS…
CVE-2004-1366 — CVSS 4.6 (medium): Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could…
CVE-2004-1367 — CVSS 4.4 (medium): Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user…
CVE-2009-1009 — CVSS 4.4 (medium): Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.1.9 allows local users to affect…
CVE-2009-1010 — CVSS 4.4 (medium): Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect…
CVE-2009-1011 — CVSS 4.4 (medium): Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect…
CVE-2009-1008 — CVSS 4.4 (medium): Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect…
CVE-2009-0974 — CVSS 4.3 (medium): Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to affect…
CVE-2007-1609 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in servlet/Spy in Dynamic Monitoring Services (DMS) in Oracle Application Server (OAS) 10g…
CVE-2002-2347 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Oracle Java Server Page (OJSP) demo files (1) hellouser.jsp, (2) welcomeuser.jsp and (3)…
CVE-2002-1636 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the htp PL/SQL package for Oracle 9i Application Server (9iAS) allows remote attackers to…
CVE-2007-3553 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Rapid Install Web Server in Oracle Application Server 11i allows remote attackers to inject…
CVE-2009-1976 — CVSS 4.3 (medium): Unspecified vulnerability in the HTTP Server component in Oracle Application Server 10.1.2.3 allows remote attackers to affect integrity…
CVE-2009-1999 — CVSS 4.3 (medium): Unspecified vulnerability in the Business Intelligence Enterprise Edition component in unspecified Oracle Application Server versions…
CVE-2009-3407 — CVSS 4.3 (medium): Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to affect…
CVE-2010-0070 — CVSS 4.3 (medium): Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 10.1.2.3 and 10.1.3.4 allows remote…
CVE-2008-2583 — CVSS 4.3 (medium): Unspecified vulnerability in the sample Discussion Forum Portlet for the Oracle Portal component in Oracle Application Server, as available…
CVE-2008-2593 — CVSS 4.3 (medium): Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 has unknown impact and remote…
CVE-2008-2614 — CVSS 4.3 (medium): Unspecified vulnerability in the Oracle HTTP Server component in Oracle Application Server 9.0.4.3, 10.1.2.3, and 10.1.3.3 has unknown…
CVE-2008-5438 — CVSS 4.3 (medium): Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to…
CVE-2008-7235 — CVSS 4.3 (medium): Unspecified vulnerability in the Oracle Forms component in Oracle Application Server 10.1.2.2 and E-Business Suite 12.0.3 allows remote…
CVE-2008-7236 — CVSS 4.3 (medium): Unspecified vulnerability in the Oracle JDeveloper component in Oracle Application Server 10.1.2.2 and 10.1.3.1 allows remote attackers to…
CVE-2009-0983 — CVSS 4.3 (medium): Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to affect…
CVE-2005-3204 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows remote attackers to inject arbitrary web script or HTML via the query…
CVE-2005-2093 — CVSS 4.3 (medium): Oracle 9i Application Server (Oracle9iAS) 9.0.2 allows remote attackers to poison the web cache, bypass web application firewall…
CVE-2006-3713 — CVSS 4.0 (medium): Unspecified vulnerability in OC4J for Oracle Application Server 10.1.3.0 has unknown impact and attack vectors, aka Oracle Vuln# AS09.
CVE-2009-0996 — CVSS 4.0 (medium): Unspecified vulnerability in the BI Publisher component in Oracle Application Server 10.1.3.2.1, 10.1.3.3.3, and 10.1.3.4 allows remote…
CVE-2008-7237 — CVSS 4.0 (medium): Unspecified vulnerability in the Oracle Internet Directory component in Oracle Application Server 9.0.4.3 and 10.1.2.2 allows remote…
CVE-2007-0283 — CVSS 4.0 (medium): Unspecified vulnerability in Oracle Application Server 9.0.4.3 and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors…
CVE-2006-3711 — CVSS 4.0 (medium): Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3, 9.0.3.1, and 9.0.4.1 has unknown impact and attack vectors, aka…
CVE-2009-1017 — CVSS 4.0 (medium): Unspecified vulnerability in the BI Publisher component in Oracle Application Server 5.6.2, 10.1.3.2.1, 10.1.3.3.3, and 10.1.3.4 allows…
CVE-2009-0994 — CVSS 4.0 (medium): Unspecified vulnerability in the BI Publisher component in Oracle Application Server 5.6.2, 10.1.3.2.1, 10.1.3.3.3, and 10.1.3.4 allows…
CVE-2006-3707 — CVSS 3.6 (low): Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3 and 9.0.3.1 has unknown impact and attack vectors, aka Oracle Vuln#…
CVE-2007-0275 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in Oracle Reports Web Cartridge (RWCGI60) in the Workflow Cartridge component, as used in Oracle…
CVE-2007-0282 — CVSS 3.2 (low): Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.2 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2 has…
CVE-2006-5363 — CVSS 2.6 (low): Unspecified vulnerability in Oracle Single Sign-On component in Oracle Application Server 10.1.2.0.1 and Collaboration Suite 10.1.2 has…
CVE-2007-0286 — CVSS 2.6 (low): Unspecified vulnerability in Oracle Application Server 10.1.2.0.2 and 10.1.3.0, and Collaboration Suite 10.1.2, has unknown impact and…
CVE-2004-1877 — CVSS 2.6 (low): The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release…
CVE-2002-0568 — CVSS 2.1 (low): Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information…
CVE-2006-5364 — CVSS 2.1 (low): Unspecified vulnerability in Oracle Containers for J2EE component in Oracle Application Server 9.0.4.1 and 10.1.2.0.2, and Collaboration…
CVE-2007-0287 — CVSS 1.7 (low): Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2.0.0, and 10.1.2.0.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has…
CVE-2008-2619 — CVSS 1.7 (low): Unspecified vulnerability in the Oracle Reports Developer component in Oracle Application Server 1.0.2.2, 9.0.4.3, and 10.1.2.2, and…
CVE-2007-0288 — CVSS 1.7 (low): Unspecified vulnerability in Oracle Application Server 10.1.4.0 has unknown impact and attack vectors related to Oracle Internet Directory…
CVE-2009-1990 — CVSS 1.7 (low): Unspecified vulnerability in the Business Intelligence Enterprise Edition component in Oracle Application Server 10.1.3.4.1 allows local…
CVE-2009-3412 — CVSS 1.0 (low): Unspecified vulnerability in the Unzip component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5; and Oracle Application Server…
CVE-2008-3987 — CVSS 1.0 (low): Unspecified vulnerability in the Oracle Discoverer Desktop component in Oracle Application Server 10.1.2.3 allows local users to affect…
CVE-2008-3986 — CVSS 1.0 (low): Unspecified vulnerability in the Oracle Discoverer Administrator component in Oracle Application Server 9.0.4.3 and 10.1.2.2 allows local…