Export limit exceeded: 10465 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10465 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2003-0780 | 4 Conectiva, Mysql, Oracle and 1 more | 5 Linux, Mysql, Mysql and 2 more | 2026-04-16 | N/A |
| Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL 4.0.14 and earlier, and 3.23.x, allows attackers with ALTER TABLE privileges to execute arbitrary code via a long Password field. | ||||
| CVE-2003-0841 | 1 Oracle | 1 Peopletools | 2026-04-16 | N/A |
| The grid option in PeopleSoft 8.42 stores temporary .xls files in guessable directories under the web document root, which allows remote attackers to steal search results by directly accessing the files via a URL request. | ||||
| CVE-2003-0634 | 1 Oracle | 2 Oracle8i, Oracle9i | 2026-04-16 | N/A |
| Stack-based buffer overflow in the PL/SQL EXTPROC functionality for Oracle9i Database Release 2 and 1, and Oracle 8i, allows authenticated database users, and arbitrary database users in some cases, to execute arbitrary code via a long library name. | ||||
| CVE-2003-0632 | 1 Oracle | 2 Applications, E-business Suite | 2026-04-16 | N/A |
| Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) CGI program (FNDWRR.exe) of Oracle E-Business Suite 11.0 and 11.5.1 through 11.5.8 may allow remote attackers to execute arbitrary code via a long URL. | ||||
| CVE-2003-0222 | 1 Oracle | 3 Database Server, Oracle8i, Oracle9i | 2026-04-16 | N/A |
| Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a "CREATE DATABASE LINK" query containing a connect string with a long USING parameter. | ||||
| CVE-2003-0150 | 2 Oracle, Redhat | 3 Mysql, Enterprise Linux, Linux | 2026-04-16 | N/A |
| MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf. | ||||
| CVE-2003-0073 | 2 Oracle, Redhat | 3 Mysql, Enterprise Linux, Linux | 2026-04-16 | N/A |
| Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user. | ||||
| CVE-2002-1809 | 1 Oracle | 1 Mysql | 2026-04-16 | N/A |
| The default configuration of the Windows binary release of MySQL 3.23.2 through 3.23.52 has a NULL root password, which could allow remote attackers to gain unauthorized root access to the MySQL database. | ||||
| CVE-2002-1882 | 1 Oracle | 1 E-business Suite | 2026-04-16 | N/A |
| Unknown vulnerability in AolSecurityPrivate.class in Oracle E-Business Suite 11i 11.1 through 11.6 allows remote attackers to bypass user authentication checks via unknown attack vectors. | ||||
| CVE-2002-1923 | 1 Oracle | 1 Mysql | 2026-04-16 | N/A |
| The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection. | ||||
| CVE-2002-2153 | 1 Oracle | 1 Application Server | 2026-04-16 | N/A |
| Format string vulnerability in the administrative pages of the PL/SQL module for Oracle Application Server 4.0.8 and 4.0.8 2 allows remote attackers to execute arbitrary code. | ||||
| CVE-2002-1630 | 1 Oracle | 1 Application Server | 2026-04-16 | N/A |
| The sendmail.jsp sample page in Oracle 9i Application Server (9iAS) allows remote attackers to send arbitrary emails. | ||||
| CVE-2002-1631 | 1 Oracle | 1 Application Server | 2026-04-16 | N/A |
| SQL injection vulnerability in the query.xsql sample page in Oracle 9i Application Server (9iAS) allows remote attackers to execute arbitrary code via the sql parameter. | ||||
| CVE-2002-1632 | 1 Oracle | 1 Application Server | 2026-04-16 | N/A |
| Oracle 9i Application Server (9iAS) installs multiple sample pages that allow remote attackers to obtain environment variables and other sensitive information via (1) info.jsp, (2) printenv, (3) echo, or (4) echo2. | ||||
| CVE-2002-1636 | 1 Oracle | 1 Application Server | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the htp PL/SQL package for Oracle 9i Application Server (9iAS) allows remote attackers to inject arbitrary web script or HTML via the cbuf parameter to htp.print. | ||||
| CVE-2002-1637 | 1 Oracle | 1 Application Server | 2026-04-16 | N/A |
| Multiple components in Oracle 9i Application Server (9iAS) are installed with over 160 default usernames and passwords, including (1) SYS, (2) SYSTEM, (3) AQJAVA, (4) OWA, (5) IMAGEUSER, (6) USER1, (7) USER2, (8) PLSQL, (9) DEMO, (10) FINANCE, and many others, which allows attackers to gain privileges. | ||||
| CVE-2002-1639 | 1 Oracle | 1 Configurator | 2026-04-16 | N/A |
| Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote attackers to obtain sensitive information via a request to the oracle.apps.cz.servlet.UiServlet servlet with the test parameter set to "version" or "host". | ||||
| CVE-2002-1640 | 1 Oracle | 1 Configurator | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote attackers to inject arbitrary web script or HTML via (1) Text Features in the DHTML UI or (2) the test parameter to the oracle.apps.cz.servlet.UiServlet servlet. | ||||
| CVE-2002-1641 | 1 Oracle | 1 Application Server Web Cache | 2026-04-16 | N/A |
| Multiple buffer overflows in Oracle Web Cache for Oracle 9i Application Server (9iAS) allow remote attackers to execute arbitrary code via unknown vectors. | ||||
| CVE-2002-1767 | 1 Oracle | 1 Database Server | 2026-04-16 | N/A |
| Buffer overflow in tnslsnr of Oracle 8i Database Server 8.1.5 for Linux allows local users to execute arbitrary code as the oracle user via a long command line argument. | ||||