Search Results (10706 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-4550 1 Oracle 1 Application Server Discussion Forum Portlet 2026-04-16 N/A
The PORTAL schema in Oracle Application Server (OracleAS) Discussion Forum Portlet allows remote attackers to obtain the source code for arbitrary JSP and other files via a df_next_page parameter with a trailing null byte (%00).
CVE-2006-3704 1 Oracle 1 Database Server 2026-04-16 N/A
Unspecified vulnerability in the Oracle ODBC Driver for Oracle Database 10.1.0.4 has unknown impact and attack vectors, aka Oracle Vuln# 10.1.0.4.
CVE-2006-3722 1 Oracle 1 Peoplesoft Enterprise 2026-04-16 N/A
Unspecified vulnerability in PeopleSoft Enterprise Portal for Oracle PeopleSoft Enterprise Portal 8.4 Bundle #16, 8.8 Bundle #10, and 8.9 Bundle #3 has unknown impact and attack vectors, aka Oracle Vuln# PSE01.
CVE-2005-2379 1 Oracle 1 Reports 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Oracle Reports 9.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) debug parameter to showenv, (2) test parameter to parsequery, or (3) delimiter or (4) CELLWRAPPER parameter to rwservlet.
CVE-2005-3450 1 Oracle 1 Application Server 2026-04-16 N/A
Unspecified vulnerability in the HTTP Server in Oracle Application Server 1.0 up to 9.0.2.3 has unknown impact and attack vectors, as identified by Oracle Vuln# AS04.
CVE-2004-0385 1 Oracle 2 Application Server Web Cache, E-business Suite 2026-04-16 N/A
Heap-based buffer overflow in Oracle 9i Application Server Web Cache 9.0.4.0.0, 9.0.3.1.0, 9.0.2.3.0, and 9.0.0.4.0 allows remote attackers to execute arbitrary code via a long HTTP request method header to the Web Cache listener. NOTE: due to the vagueness of the Oracle advisory, it is not clear whether there are additional issues besides this overflow, although the advisory alludes to multiple "vulnerabilities."
CVE-2004-0381 3 Mysql, Oracle, Redhat 3 Mysql, Mysql, Enterprise Linux 2026-04-16 N/A
mysqlbug in MySQL allows local users to overwrite arbitrary files via a symlink attack on the failed-mysql-bugreport temporary file.
CVE-2006-3486 2 Mysql, Oracle 2 Mysql, Mysql 2026-04-16 N/A
Off-by-one buffer overflow in the Instance_options::complete_initialization function in instance_options.cc in the Instance Manager in MySQL before 5.0.23 and 5.1 before 5.1.12 might allow local users to cause a denial of service (application crash) via unspecified vectors, which triggers the overflow when the convert_dirname function is called. NOTE: the vendor has disputed this issue via e-mail to CVE, saying that it is only exploitable when the user has access to the configuration file or the Instance Manager daemon. Due to intended functionality, this level of access would already allow the user to disrupt program operation, so this does not cross security boundaries and is not a vulnerability
CVE-2006-3718 1 Oracle 1 Exchange 2026-04-16 N/A
Multiple unspecified vulnerabilities in Oracle Exchange for Oracle E-Business Suite and Applications 6.2.4 have unknown impact and attack vectors, aka Oracle Vuln# (1) APPS16 and (2) APPS17.
CVE-2003-1193 1 Oracle 2 Application Server Portal, Oracle9i 2026-04-16 N/A
Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL.
CVE-2002-0566 1 Oracle 4 Application Server, Application Server Web Cache, Oracle8i and 1 more 2026-04-16 N/A
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to cause a denial of service (crash) via an HTTP Authorization header without an authentication type.
CVE-2005-3641 1 Oracle 5 Database Server, Database Server Lite, Oracle10g and 2 more 2026-04-16 N/A
Oracle Databases running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication by supplying a valid username.
CVE-2004-1774 1 Oracle 2 Application Server, Oracle10g 2026-04-16 N/A
Buffer overflow in the SDO_CODE_SIZE procedure of the MD2 package (MDSYS.MD2.SDO_CODE_SIZE) in Oracle 10g before 10.1.0.2 Patch 2 allows local users to execute arbitrary code via a long LAYER parameter.
CVE-2006-3720 1 Oracle 1 Enterprise Manager 2026-04-16 N/A
Unspecified vulnerability in Enterprise Config Management for Oracle Enterprise Manager 10.1.0.3 has unknown impact and attack vectors, aka Oracle Vuln# EM02.
CVE-2002-1767 1 Oracle 1 Database Server 2026-04-16 N/A
Buffer overflow in tnslsnr of Oracle 8i Database Server 8.1.5 for Linux allows local users to execute arbitrary code as the oracle user via a long command line argument.
CVE-2006-3699 1 Oracle 1 Database Server 2026-04-16 N/A
Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5 and 9.2.0.6 has unknown impact and attack vectors, aka Oracle Vuln# DB02.
CVE-2006-2505 1 Oracle 1 Database Server 2026-04-16 N/A
Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via a reference to a malicious package in the TYPE_NAME argument in the (1) GET_DOMAIN_INDEX_TABLES or (2) GET_V2_DOMAIN_INDEX_TABLES function in the DBMS_EXPORT_EXTENSION package.
CVE-2006-3708 1 Oracle 1 Application Server 2026-04-16 N/A
Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3, 9.0.3.1, 9.0.4.2, 10.1.2.0.2, and 10.1.2.1 has unknown impact and attack vectors, aka Oracle Vuln# AS03.
CVE-2002-1923 1 Oracle 1 Mysql 2026-04-16 N/A
The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection.
CVE-2006-1516 3 Mysql, Oracle, Redhat 3 Mysql, Mysql, Enterprise Linux 2026-04-16 N/A
The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read.