Lucene search
+L

161 matches found

Zero Day Initiative
Zero Day Initiative
added 2016/01/25 12:0 a.m.39 views

Oracle Application Testing Suite Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Application Testing Suite. The specific flaw exists within the isAllowedUrl function used for the admin pages. This function has a list of URI entries which do not require authentication...

7.5CVSS8.3AI score0.6531EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2016/01/25 12:0 a.m.37 views

Oracle Application Testing Suite filename Header Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Application Testing Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UploadServlet servlet. By providing a filename header containing ...

10CVSS7.8AI score0.27444EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2016/01/25 12:0 a.m.32 views

Oracle Application Testing Suite DownloadServlet scheduleReportName Parameter Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to exfiltrate arbitrary files on vulnerable installations of Oracle Application Testing Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DownloadServlet servlet. By providing a scheduleReportName...

7.8CVSS7.3AI score0.21922EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2016/01/25 12:0 a.m.37 views

Oracle Application Testing Suite UploadFileAction Servlet Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Application Testing Suite. Authentication is required but can be bypassed. The specific vulnerability is in the UploadFileAction servlet. By providing a fileType parameter of "", an attacker...

9CVSS7.8AI score0.8075EPSS
Exploits6References1
Zero Day Initiative
Zero Day Initiative
added 2016/01/25 12:0 a.m.25 views

Oracle Application Testing Suite DownloadServlet reportName Parameter Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to exfiltrate arbitrary files on vulnerable installations of Oracle Application Testing Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DownloadServlet servlet. By providing a reportName parameter...

7.8CVSS7.2AI score0.27519EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2016/01/25 12:0 a.m.36 views

Oracle Application Testing Suite DownloadServlet scriptPath Parameter Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to exfiltrate arbitrary files on vulnerable installations of Oracle Application Testing Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DownloadServlet servlet. By providing a scriptPath parameter...

7.8CVSS7.3AI score0.22011EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2016/01/25 12:0 a.m.34 views

Oracle Application Testing Suite DownloadServlet Multiple Parameter Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to exfiltrate arbitrary files on vulnerable installations of Oracle Application Testing Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DownloadServlet. By providing repository, workspace, or...

7.8CVSS7.3AI score0.21922EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2016/01/25 12:0 a.m.31 views

Oracle Application Testing Suite DownloadServlet file Parameter Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to exfiltrate arbitrary files on vulnerable installations of Oracle Application Testing Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DownloadServlet servlet. By providing a file parameter...

7.8CVSS7.3AI score0.21922EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2016/01/25 12:0 a.m.35 views

Oracle Application Testing Suite DownloadServlet exportFileName Parameter Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to exfiltrate arbitrary files on vulnerable installations of Oracle Application Testing Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DownloadServlet servlet. By providing an exportFileName...

7.8CVSS7.2AI score0.27519EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2016/01/25 12:0 a.m.37 views

Oracle Application Testing Suite ReportImage tempfilename Parameter Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Application Testing Suite. Authentication is required but can be bypassed. The specific vulnerability is exposed by the ActionServlet servlet. In the ReportImage action, the tempfilename...

9CVSS7.8AI score0.54782EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2016/01/25 12:0 a.m.28 views

Oracle Application Testing Suite DownloadServlet scriptName Parameter Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to exfiltrate arbitrary files on vulnerable installations of Oracle Application Testing Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DownloadServlet. By providing a scriptName parameter containi...

7.8CVSS7.3AI score0.21922EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2016/01/25 12:0 a.m.77 views

Oracle Application Testing Suite Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Application Testing Suite. The specific flaw exists within the isAllowedUrl function. This function has a list of URI entries which do not require authentication. Because the function only...

7.5CVSS7.7AI score0.92719EPSS
Exploits5References1
CNVD
CNVD
added 2016/01/23 12:0 a.m.7 views

Unspecified Vulnerability in Oracle Enterprise Manager Grid Control Oracle Application Testing Suite Test Manager for Web Apps Component (CNVD-2016-00704)

Oracle Enterprise Manager is an enhanced management suite for ORACLE Fusion endpoint software. An unspecified vulnerability in the Oracle Application Testing Suite Test Manager for Web Apps component of Oracle Enterprise Manager Grid Control allows remote attackers to exploit the vulnerability to...

6.4CVSS9.1AI score0.6531EPSS
Exploits0References1
CNVD
CNVD
added 2016/01/23 12:0 a.m.7 views

Unspecified Vulnerability in Oracle Enterprise Manager Grid Control Oracle Application Testing Suite Load Testing for Web Apps Component (CNVD-2016-00673)

Oracle Enterprise Manager is an enhanced management suite for ORACLE Fusion endpoint software. An unspecified security vulnerability in the Oracle Application Testing Suite Load Testing for Web Apps component of Oracle Enterprise Manager Grid Control allows remote attackers to exploit the...

5CVSS6.8AI score0.21922EPSS
Exploits0References1
CNVD
CNVD
added 2016/01/23 12:0 a.m.5 views

Unspecified Vulnerability in Oracle Enterprise Manager Grid Control Oracle Application Testing Suite Load Testing for Web Apps Component (CNVD-2016-00672)

Oracle Enterprise Manager is an enhanced management suite for ORACLE Fusion endpoint software. An unspecified security vulnerability in the Oracle Application Testing Suite Load Testing for Web Apps component of Oracle Enterprise Manager Grid Control allows remote attackers to exploit the...

5CVSS6.8AI score0.21922EPSS
Exploits0References1
CNVD
CNVD
added 2016/01/23 12:0 a.m.6 views

Unspecified Vulnerability in Oracle Enterprise Manager Grid Control Oracle Application Testing Suite Load Testing for Web Apps Component (CNVD-2016-00693)

Oracle Enterprise Manager is an enhanced management suite for ORACLE Fusion endpoint software. An unspecified vulnerability in the Oracle Application Testing Suite Load Testing for Web Apps component of Oracle Enterprise Manager Grid Control allows remote attackers to exploit the vulnerability to...

5CVSS6.8AI score0.27519EPSS
Exploits0References1
CNVD
CNVD
added 2016/01/23 12:0 a.m.6 views

Unspecified Vulnerability in Oracle Enterprise Manager Grid Control Oracle Application Testing Suite Test Manager for Web Apps Component (CNVD-2016-00669)

Oracle Enterprise Manager is an enhanced management suite for ORACLE Fusion endpoint software. An unspecified security vulnerability in the Oracle Application Testing Suite Test Manager for Web Apps component of Oracle Enterprise Manager Grid Control allows remote attackers to exploit the...

6.4CVSS6.8AI score0.92719EPSS
Exploits5References1
NVD
NVD
added 2016/01/21 3:0 a.m.27 views

CVE-2016-0492

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Load Testing for Web Apps, a different vulnerability than...

6.4CVSS5.8AI score0.92719EPSS
Exploits5References8
OSV
OSV
added 2016/01/21 3:0 a.m.5 views

CVE-2016-0491

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect integrity and availability via unknown vectors related to Load Testing for Web Apps. NOTE: the previous information is from...

6AI score0.8075EPSS
Exploits6References8
NVD
NVD
added 2016/01/21 3:0 a.m.15 views

CVE-2016-0489

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Test Manager for Web Apps. NOTE: the...

6.5CVSS6AI score0.54782EPSS
Exploits0References4
Rows per page
Query Builder