Oracle: >> Database Server >> 7.1.3 Security Vulnerabilities
Directory traversal vulnerability in Oracle Database Server 8i and 9i allows remote attackers to read or rename arbitrary files via "\\.\\.." (modified dot dot backslash) sequences to UTL_FILE functions such as (1) UTL_FILE.FOPEN or (2) UTL_FILE.frename.
CVSS Score
5.0
EPSS Score
0.288
Published
2005-03-07
SQL injection vulnerability in Oracle Database 9i and 10g allows remote attackers to execute arbitrary SQL commands and gain privileges.
CVSS Score
7.5
EPSS Score
0.005
Published
2005-01-18
Multiple buffer overflows in the XML Database (XDB) functionality for Oracle 9i Database Release 2 allow local users to cause a denial of service or hijack user sessions.
CVSS Score
2.1
EPSS Score
0.858
Published
2003-10-20
Vulnerability in Oracle 8.0.x through 9.0.1 on Unix allows local users to overwrite arbitrary files, possibly via a symlink attack or incorrect file permissions in (1) the ORACLE_HOME/rdbms/log directory or (2) an alternate directory as specified in the ORACLE_HOME environmental variable, aka the "Oracle File Overwrite Security Vulnerability."
CVSS Score
2.1
EPSS Score
0.002
Published
2001-12-06
Buffer overflow in otrcrep in Oracle 8.0.x through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment variable, aka the "Oracle Trace Collection Security Vulnerability."
CVSS Score
7.2
EPSS Score
0.004
Published
2001-12-06
Page 2