The remote host is an Oracle 9iAS server. By default, accessing the location /oprocmgr-status via HTTP lets an attacker obtain the list of processes running on the remote host, and even to to start or stop them.

In the default configuration of Oracle 9iAS, it is possible to make requests for the globals.jsa file for a given web application. These files should not be returned by the server as they often contain sensitive information such as database credentials.

In a default installation of Oracle 9iAS, it is possible to access the mod_plsql DAD Admin interface. Access to these pages should be restricted.

In a default installation of Oracle 9iAS, it is possible to access the Dynamic Monitoring Services pages anonymously. Access to these pages should be restricted.

Oracle 9i Application Server uses Apache as it's web server. There is a buffer overflow in the mod_plsql module which allows an attacker to run arbitrary code.

According to its version, the version of OracleWebCache installed on the remote host is affected by denial of service vulnerability. A remote attacker may exploit this vulnerability to crash the remote service.

The remote host is running MySQL, an open source database server.

Microsoft SQL server has a function wherein remote users can query the database server for the version that is being run.  The query takes place over the same UDP port that handles the mapping of multiple SQL server instances on the same machine. 

It is important to note that, after Version 8.00.194, Microsoft decided not to update this function.  This means that the data returned by the SQL ping is inaccurate for newer releases of SQL Server.

The remote instance of MS SQL / SQL Server has the default 'sa' account enabled without any password. 

An attacker may leverage this flaw to execute commands against the remote host, as well as read the content of any databases it might have.

The remote Oracle Listener Program (tnslsnr) has no password assigned. An attacker may use this fact to shut it down arbitrarily, thus preventing legitimate users from using it.

The remote host is running the Oracle tnslsnr service, a network interface to Oracle databases.  This product allows a remote user to determine the presence and version number of a given Oracle installation.

It may be possible to make a web server execute arbitrary code by sending it a too long url starting with /jsp/ For example: GET /jsp/AAAA.....AAAAA

The installed version of MySQL is older than version 3.23.36. Such versions are potentially affected by multiple vulnerabilities :  

  - It is possible to modify arbitrary files and gain     privileges by creating a database with '..' characters.
    (CVE-2001-0407)

  - Users with a MySQL account can use the 'SHOW GRANTS'     command to obtain the encrypted administrator password     from the 'mysql.user' table. (CVE-2001-1275)

  - Local users can modify passwords for arbitrary MySQL     users via the 'GRANT' privilege. (CVE-2000-0045)

One of the sample applications that comes with the Oracle XSQL Servlet  allows an attacker to make arbitrary queries to the Oracle database (under an unprivileged account). Whilst not allowing an attacker to delete or modify database contents, this flaw can be used to enumerate database users and view table names.

The Oracle XSQL Servlet allows arbitrary Java code to be executed by an attacker by supplying the URL of a malicious XSLT stylesheet when making a request to an XSQL page.

It is possible to connect to the remote PostgreSQL database server using an unpassworded account. This may allow an attacker to launch further attacks against the database.

It is possible to connect to the remote MySQL database server using an unpassworded account.  This may allow an attacker to launch further attacks against the database.

The remote version of MySQL is older than (or as old as) version 3.22.30 or 3.23.10.  Thus, it may allow attacker who knows a valid username to access database tables without a valid password.

The remote Microsoft SQL server can be shut down when it is sent a TCP packet containing more than 2 NULLs.

An attacker may use this problem to prevent it from being used by legitimate clients, thus threatening your business.

It was possible to make the remote web server crash by supplying a too long argument to the cgi /ews-bin/fnord. An attacker may use this flaw to prevent your customers to access your website.

ID	Name	Severity
10851	Oracle 9iAS Java Process Manager /oprocmgr-status Anonymous Process Manipulation	medium
10850	Oracle 9iAS globals.jsa Database Credential Remote Disclosure	medium
10849	Oracle 9iAS mod_plsql DAD Admin Interface Access	medium
10848	Oracle 9iAS DMS / JPM Pages Anonymous Access	medium
10840	Oracle 9iAS mod_plsql Help Page Request Remote Overflow	high
10808	Oracle Application Server Web Cache Multiple Remote DoS	medium
10719	MySQL Server Detection	info
10674	Microsoft SQL Server UDP Query Remote Version Disclosure	info
10673	Microsoft SQL Server sa Account Default Blank Password	critical
10660	Oracle Database Listener Program (tnslsnr) Service Blank Password	medium
10658	Oracle Database tnslsnr Service Remote Version Disclosure	info
10654	Oracle Application Server ndwfn4.so HTTP Request Remote Overflow	high
10626	MySQL < 3.23.36 Multiple Vulnerabilities	high
10613	Oracle XSQL query.xsql sql Parameter SQL Injection	medium
10594	Oracle Application Server XSQL Stylesheet Arbitrary Java Code Execution	high
10483	PostgreSQL Default Unpassworded Account	high
10481	MySQL Unpassworded Account Check	high
10343	MySQL Short Check String Authentication Bypass	high
10145	MS99-059: Microsoft SQL Server Crafted TCP Packet Remote DoS (uncredentialed check)	medium
10171	Oracle Webserver PL/SQL Stored Procedure GET Request DoS	medium

Detections

Analytics

Databases Family for Nessus

medium

medium

medium

medium

high

medium

info

info

critical

medium

info

high

high

medium

high

high

high

high

medium

medium