CVE-2002-1264 | Vulnerability Database | Aqua Security

Buffer overflow in Oracle iSQL*Plus web application of the Oracle 9 database server allows remote attackers to execute arbitrary code via a long USERID parameter in the isqlplus URL.

Affected Software

Name	Vendor	Start Version	End Version
Oracle9i	Oracle	9.0 (including)	9.0 (including)
Oracle9i	Oracle	9.0.1 (including)	9.0.1 (including)
Oracle9i	Oracle	9.0.1.2 (including)	9.0.1.2 (including)
Oracle9i	Oracle	9.0.1.3 (including)	9.0.1.3 (including)
Oracle9i	Oracle	9.0.2 (including)	9.0.2 (including)
Oracle9i	Oracle	release_2_9.2.1 (including)	release_2_9.2.1 (including)
Oracle9i	Oracle	release_2_9.2.2 (including)	release_2_9.2.2 (including)

References

http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0060.html
http://marc.info/?l=bugtraq\u0026m=103643298712284\u0026w=2
http://technet.oracle.com/deploy/security/pdf/2002alert46rev1.pdf
http://www.iss.net/security_center/static/10524.php
http://www.osvdb.org/4013
http://www.securityfocus.com/bid/6085

NVD	https://nvd.nist.gov/vuln/detail/CVE-2002-1264
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html