EUVD-2002-0560

Malware in sbrugna...

Oracle 9iAS mod_plsql directory traversal

In a default installation of Oracle 9iAS, it is possible to use the modplsql module to perform a directory traversal attack. OpenVAS Vulnerability Test $Id: oracle9imodplsqltraversal.nasl 8023 2017-12-07 08:36:26Z teissa $ Description: Oracle 9iAS modplsql directory traversal Authors: Matt Moore...

Oracle 9iAS mod_plsql Buffer Overflow

Oracle 9i Application Server uses Apache as it's web server. There is a buffer overflow in the modplsql module which allows an attacker to run arbitrary code. OpenVAS Vulnerability Test $Id: oracle9imodplsqloverflow.nasl 8023 2017-12-07 08:36:26Z teissa $ Description: Oracle 9iAS modplsql Buffer...

Oracle 9iAS PORTAL_DEMO ORG_CHART

In your installation of Oracle 9iAS, it is possible to access a demo PORTALDEMO.ORGCHART via modplsql. Access to these pages should be restricted, because it may be possible to abuse this demo for SQL Injection attacks. OpenVAS Vulnerability Test $Id: oracle9iportaldemoorgchart.nasl 8023 2017-12-...

Oracle 9iAS mod_plsql cross site scripting

The modplsql module supplied with Oracle9iAS allows cross site scripting attacks to be performed. OpenVAS Vulnerability Test $Id: oracle9imodplsqlcss.nasl 8023 2017-12-07 08:36:26Z teissa $ Description: Oracle 9iAS modplsql cross site scripting Authors: Matt Moore Copyright: Copyright C 2002 Matt...

Oracle 9i Application Server SOAP Default Configuration Vulnerability - Active Check

In a default installation of Oracle 9i Application Server AS v.1.0.2.2, it is possible to deploy or undeploy SOAP services without the need of any kind of credentials. SPDX-FileCopyrightText: 2003 Javier Fernandez-Sanguino Some text descriptions might be excerpted from a referenced sources, and a...

Oracle 9i Application Server SOAP Configuration File Accessible - Active Check

In a default installation of Oracle 9i Application Server AS v.1.0.2.2.1, it is possible to access some configuration files. These file includes detailed information on how the product was installed in the server including where the SOAP provider and service manager are located as well as...

Oracle 9iAS Dynamic Monitoring Services

In a default installation of Oracle 9iAS, it is possible to access the Dynamic Monitoring Services pages anonymously. Access to these pages should be restricted. OpenVAS Vulnerability Test $Id: oracle9iapachedms.nasl 8023 2017-12-07 08:36:26Z teissa $ Description: Oracle 9iAS Dynamic Monitoring...

Oracle 9iAS access to SOAP documentation

In a default installation of Oracle 9iAS, it is possible to access SOAP documentation. These files might be useful for an attacker to determine what application server is being used. OpenVAS Vulnerability Test $Id: oracle9isoapdocs.nasl 8023 2017-12-07 08:36:26Z teissa $ Description: Oracle 9iAS...

Oracle 9iAS Globals.jsa access

In the default configuration of Oracle9iAS, it is possible to make requests for the globals.jsa file for a given web application. These files should not be returned by the server as they often contain sensitive information. OpenVAS Vulnerability Test $Id: oracle9iglobalsdotjsa.nasl 8023 2017-12-0...

Oracle 9i Application Server OWA UTIL Accessible - Active Check

Oracle 9i Application Server AS can provide access to the PL/SQL application OWAUTIL that provides web access to some stored procedures. SPDX-FileCopyrightText: 2003 Javier Fernandez-Sanguino Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respectiv...

Oracle 9i Application Server Globals.jsa Access Information Disclosure Vulnerability - Active Check

In the default configuration of Oracle 9i Application Server AS, it is possible to make requests for the globals.jsa file for a given web application. These files should not be returned by the server as they often contain sensitive information. SPDX-FileCopyrightText: 2002 Matt Moore Some text...

Oracle 9i Application Server PORTAL_DEMO ORG_CHART Accessible - Active Check

In installations of Oracle 9i Application Server AS, it is possible to access a demo PORTALDEMO.ORGCHART via modplsql. Access to these pages should be restricted, because it may be possible to abuse this demo for SQL injection attacks. SPDX-FileCopyrightText: 2003 Frank Berger Some text...

Oracle 9iAS DAD Admin interface

In a default installation of Oracle 9iAS, it is possible to access the modplsql DAD Admin interface. Access to these pages should be restricted. OpenVAS Vulnerability Test $Id: oracle9idadadmin.nasl 8023 2017-12-07 08:36:26Z teissa $ Description: Oracle 9iAS DAD Admin interface Authors: Matt Moor...

Oracle 9i Application Server iSQLplus XSS Vulnerability - Active Check

The login-page of Oracle 9i Application Server AS iSQLplus allows the injection of HTML and Javascript code via the username and password parameters. SPDX-FileCopyrightText: 2004 Frank Berger Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respectiv...

Oracle 9i Application Server Dynamic Monitoring Services Accessible - Active Check

In a default installation of Oracle 9i Application Server AS, it is possible to access the Dynamic Monitoring Services pages anonymously. Access to these pages should be restricted. SPDX-FileCopyrightText: 2002 Matt Moore Some text descriptions might be excerpted from a referenced sources, and ar...

Oracle 9iAS iSQLplus XSS

The login-page of Oracle9i iSQLplus allows the injection of HTML and Javascript code via the username and password parameters. Description : The remote host is running a version of the Oracle9i 'isqlplus' CGI which is vulnerable to a cross site scripting issue. An attacker may exploit this flaw t...

autoDeploy

In a default installation of Oracle 9iAS v.1.0.2.2, it is possible to deploy or undeploy SOAP services without the need of any kind of credentials. This is due to SOAP being enabled by default after installation in order to provide a convenient way to use SOAP samples. However, this feature poses...

Oracle 9i Application Server mod_plsql Directory Traversal Vulnerability - Active Check

In a default installation of Oracle 9i Application Server AS, it is possible to use the modplsql module to perform a directory traversal attack. SPDX-FileCopyrightText: 2002 Matt Moore Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

Oracle 9i Application Server DAD Admin Interface Accessible - Active Check

In a default installation of Oracle 9i Application Server AS, it is possible to access the modplsql DAD Admin interface. Access to these pages should be restricted. SPDX-FileCopyrightText: 2002 Matt Moore Some text descriptions might be excerpted from a referenced sources, and are Copyright C by...