Export limit exceeded: 10706 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10706 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2003-1480 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2026-04-16 | N/A |
| MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, which makes it easier for attackers to decrypt the password via brute force methods. | ||||
| CVE-2004-2229 | 1 Oracle | 1 Database Server Lite | 2026-04-16 | N/A |
| Multiple unknown vulnerabilities in Oracle 9i Lite Mobile Server 5.0.0.0.0 through 5.0.2.9.0 allow remote authenticated users to gain privileges. | ||||
| CVE-2004-0388 | 2 Oracle, Redhat | 2 Mysql, Enterprise Linux | 2026-04-16 | N/A |
| The mysqld_multi script in MySQL allows local users to overwrite arbitrary files via a symlink attack. | ||||
| CVE-2003-1208 | 1 Oracle | 1 Oracle9i | 2026-04-16 | N/A |
| Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow local users to execute arbitrary code by (1) setting the TIME_ZONE session parameter to a long value, or providing long parameters to the (2) NUMTOYMINTERVAL, (3) NUMTODSINTERVAL or (4) FROM_TZ functions. | ||||
| CVE-2003-1193 | 1 Oracle | 2 Application Server Portal, Oracle9i | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL. | ||||
| CVE-2005-0701 | 1 Oracle | 1 Database Server | 2026-04-16 | N/A |
| Directory traversal vulnerability in Oracle Database Server 8i and 9i allows remote attackers to read or rename arbitrary files via "\\.\\.." (modified dot dot backslash) sequences to UTL_FILE functions such as (1) UTL_FILE.FOPEN or (2) UTL_FILE.frename. | ||||
| CVE-2001-0498 | 1 Oracle | 1 Oracle8i | 2026-04-16 | N/A |
| Transparent Network Substrate (TNS) over Net8 (SQLNet) in Oracle 8i 8.1.7 and earlier allows remote attackers to cause a denial of service via a malformed SQLNet connection request with a large offset in the header extension. | ||||
| CVE-1999-1256 | 1 Oracle | 1 Database Assistant | 2026-04-16 | N/A |
| Oracle Database Assistant 1.0 in Oracle 8.0.3 Enterprise Edition stores the database master password in plaintext in the spoolmain.log file when a new database is created, which allows local users to obtain the password from that file. | ||||
| CVE-2004-2149 | 1 Oracle | 1 Mysql | 2026-04-16 | N/A |
| Buffer overflow in the prepared statements API in libmysqlclient for MySQL 4.1.3 beta and 4.1.4 allows remote attackers to cause a denial of service via a large number of placeholders. | ||||
| CVE-2006-0270 | 1 Oracle | 1 Database Server | 2026-04-16 | N/A |
| Unspecified vulnerability in the Transparent Data Encryption (TDE) Wallet component of Oracle Database server 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB27. NOTE: Oracle has not disputed a reliable researcher report that TDA stores the master key without encryption, which allows local users to obtain the key via the SGA. | ||||
| CVE-1999-1125 | 1 Oracle | 1 Http Server | 2026-04-16 | N/A |
| Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file. | ||||
| CVE-2002-0568 | 1 Oracle | 3 Application Server, Oracle8i, Oracle9i | 2026-04-16 | N/A |
| Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory. | ||||
| CVE-2004-0837 | 4 Debian, Mysql, Oracle and 1 more | 5 Debian Linux, Mysql, Mysql and 2 more | 2026-04-16 | N/A |
| MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs. | ||||
| CVE-2006-0281 | 1 Oracle | 1 Enterpriseone | 2026-04-16 | N/A |
| Unspecified vulnerability in Oracle JD Edwards HTML Server 8.95.F1 SP23_L1 has unspecified impact and attack vectors, as identified by Oracle Vuln# JDE01. | ||||
| CVE-2003-0841 | 1 Oracle | 1 Peopletools | 2026-04-16 | N/A |
| The grid option in PeopleSoft 8.42 stores temporary .xls files in guessable directories under the web document root, which allows remote attackers to steal search results by directly accessing the files via a URL request. | ||||
| CVE-2006-0286 | 1 Oracle | 2 Application Server, Database Server | 2026-04-16 | N/A |
| Unspecified vulnerability in the Oracle HTTP Server component of Oracle Database Server 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, and 10.1.0.5, and Application Server 1.0.2.2, 9.0.4.2, and 10.1.2.0.2, has unspecified impact and attack vectors, as identified by Oracle Vuln# OHS01. | ||||
| CVE-2006-0425 | 1 Oracle | 1 Weblogic Portal | 2026-04-16 | N/A |
| BEA WebLogic Portal 8.1 through SP4 allows remote attackers to obtain the source for a deployment descriptor file via unknown vectors. | ||||
| CVE-2006-0369 | 1 Oracle | 1 Mysql | 2026-04-16 | N/A |
| MySQL 5.0.18 allows local users with access to a VIEW to obtain sensitive information via the "SELECT * FROM information_schema.views;" query, which returns the query that created the VIEW. NOTE: this issue has been disputed by third parties, saying that the availability of the schema is a normal and sometimes desired aspect of database access | ||||
| CVE-2003-0727 | 1 Oracle | 1 Database Server | 2026-04-16 | N/A |
| Multiple buffer overflows in the XML Database (XDB) functionality for Oracle 9i Database Release 2 allow local users to cause a denial of service or hijack user sessions. | ||||
| CVE-2003-0633 | 1 Oracle | 2 Applications, E-business Suite | 2026-04-16 | N/A |
| Multiple vulnerabilities in aoljtest.jsp of Oracle Applications AOL/J Setup Test Suite in Oracle E-Business Suite 11.5.1 through 11.5.8 allow a remote attacker to obtain sensitive information without authentication, such as the GUEST user password and the application server security key. | ||||