Export limit exceeded: 10309 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 10706 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10706 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-1632 1 Oracle 1 Application Server 2026-04-16 N/A
Oracle 9i Application Server (9iAS) installs multiple sample pages that allow remote attackers to obtain environment variables and other sensitive information via (1) info.jsp, (2) printenv, (3) echo, or (4) echo2.
CVE-2001-1216 1 Oracle 1 Application Server 2026-04-16 N/A
Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
CVE-2001-0249 3 Hp, Oracle, Sgi 3 Hp-ux, Solaris, Irix 2026-04-16 9.8 Critical
Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which uses glob to generate long strings.
CVE-2000-0148 1 Oracle 1 Mysql 2026-04-16 N/A
MySQL 3.22 allows remote attackers to bypass password authentication and access a database via a short check string.
CVE-2005-1747 2 Bea, Oracle 2 Weblogic Server, Weblogic Portal 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 6, allow remote attackers to inject arbitrary web script or HTML, and possibly gain administrative privileges, via the (1) j_username or (2) j_password parameters in the login page (LoginForm.jsp), (3) parameters to the error page in the Administration Console, (4) unknown vectors in the Server Console while the administrator has an active session to obtain the ADMINCONSOLESESSION cookie, or (5) an alternate vector in the Server Console that does not require an active session but also leaks the username and password.
CVE-2005-1746 2 Bea, Oracle 2 Weblogic Server, Weblogic Portal 2026-04-16 N/A
The cluster cookie parsing code in BEA WebLogic Server 7.0 through Service Pack 5 attempts to contact any host or port specified in a cookie, even when it is not in the cluster, which allows remote attackers to cause a denial of service (cluster slowdown) via modified cookies.
CVE-2002-1631 1 Oracle 1 Application Server 2026-04-16 N/A
SQL injection vulnerability in the query.xsql sample page in Oracle 9i Application Server (9iAS) allows remote attackers to execute arbitrary code via the sql parameter.
CVE-2005-1745 2 Bea, Oracle 2 Weblogic Server, Weblogic Portal 2026-04-16 N/A
The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack 3 prints the password to standard output when an incorrect login attempt is made, which could make it easier for attackers to guess the correct password.
CVE-2005-1743 2 Bea, Oracle 2 Weblogic Server, Weblogic Portal 2026-04-16 N/A
BEA WebLogic Server and WebLogic Express 8.1 through Service Pack 3 and 7.0 through Service Pack 5 does not properly handle when a security provider throws an exception, which may cause WebLogic to use incorrect identity for the thread, or to fail to audit security exceptions.
CVE-2002-1630 1 Oracle 1 Application Server 2026-04-16 N/A
The sendmail.jsp sample page in Oracle 9i Application Server (9iAS) allows remote attackers to send arbitrary emails.
CVE-2001-1041 1 Oracle 1 Database Server 2026-04-16 N/A
oracle program in Oracle 8.0.x, 8.1.x and 9.0.1 allows local users to overwrite arbitrary files via a symlink attack on an Oracle log trace (.trc) file that is created in an alternate home directory identified by the ORACLE_HOME environment variable.
CVE-2005-1742 2 Bea, Oracle 2 Weblogic Server, Weblogic Portal 2026-04-16 N/A
BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows users with the Monitor security role to "shrink or reset JDBC connection pools."
CVE-2005-1636 3 Mysql, Oracle, Redhat 3 Mysql, Mysql, Enterprise Linux 2026-04-16 N/A
mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the mysql_install_db.X file with a predictable filename and insecure permissions, which allows local users to execute arbitrary SQL commands by modifying the file's contents.
CVE-2002-1376 3 Oracle, Redhat, Symantec Veritas 6 Mysql, Enterprise Linux, Linux and 3 more 2026-04-16 N/A
libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to 4.0.6, does not properly verify length fields for certain responses in the (1) read_rows or (2) read_one_row routines, which allows remote attackers to cause a denial of service and possibly execute arbitrary code.
CVE-2005-1496 1 Oracle 2 Application Server, Oracle10g 2026-04-16 N/A
The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE JOB privileges to gain additional privileges by changing SESSION_USER to the SYS user.
CVE-2005-1495 1 Oracle 3 Application Server, Oracle10g, Oracle9i 2026-04-16 N/A
Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the SYS user executes a SELECT statement on an FGA object, which makes it easier for attackers to escape detection.
CVE-2002-1375 3 Oracle, Redhat, Symantec Veritas 5 Mysql, Enterprise Linux, Linux and 2 more 2026-04-16 N/A
The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers to execute arbitrary code via a long response.
CVE-2001-0975 1 Oracle 1 Internet Directory 2026-04-16 N/A
Buffer overflow vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
CVE-2001-0126 1 Oracle 1 Oracle8i 2026-04-16 N/A
Oracle XSQL servlet 1.0.3.0 and earlier allows remote attackers to execute arbitrary Java code by redirecting the XSQL server to another source via the xml-stylesheet parameter in the xslt stylesheet.
CVE-2005-1383 1 Oracle 1 Application Server 2026-04-16 N/A
The OHS component 1.0.2 through 10.x, when UseWebcacheIP is disabled, in Oracle Application Server allows remote attackers to bypass HTTP Server mod_access restrictions via a request to the webcache TCP port 7778.