CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

30 matches found

Packet Storm•added 2024/08/31 12:0 a.m.•193 views

Oracle Application Testing Suite Post-Auth DownloadServlet Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rkelly' class MetasploitModule 'Oracle Application Testing Suite Post-Auth DownloadServlet Directory Traversal', 'Description' = %q This module exploits a...

6.5CVSS7AI score0.55917EPSS

Exploits3

CVE•added 2020/09/23 12:41 p.m.•38 views

CVE-2020-24624

CVE-2020-24624 describes an unauthenticated directory traversal in the DownloadServlet class’s execute() method on Hewlett Packard Enterprise’s Pay Per Use (PPU) Utility Computing Service (UCS) Meter, v1.9. The vulnerability allows an attacker to read arbitrary files via an improper validation of...

7.5CVSS7.6AI score0.00423EPSS

Exploits0References1Affected Software1

Metasploit•added 2019/05/07 7:56 p.m.•42 views

Oracle Application Testing Suite Post-Auth DownloadServlet Directory Traversal

This module exploits a vulnerability in Oracle Application Testing Suite OATS. In the Load Testing interface, a remote user can abuse the custom report template selector, and cause the DownloadServlet class to read any file on the server as SYSTEM. Since the Oracle application contains multiple...

6.3CVSS8AI score0.55917EPSS

Exploits3

ATTACKERKB•added 2019/04/23 12:0 a.m.•28 views

Oracle Application Testing Suite DownloadServlet Directory Traversal Remote Code Execution

Oracle Application Testing Suite versions 13.3.0.1 and prior are vulnerable to a directory traversal attack. An attacker could leverage this to steal sensitive credentials, decrypt them, gain privileges, and get remote code execution. Recent assessments: wchen-r7 at May 09, 2019 5:57pm UTC...

6.5CVSS7.9AI score0.55917EPSS

Exploits3References3

Source Incite•added 2019/01/10 12:0 a.m.•24 views

SRC-2019-0033 : Oracle Application Testing Suite DownloadServlet File Read Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Application Testing Suite. Authentication is required to exploit this vulnerability. The specific flaw exists within the DownloadServlet servlet. The issue results fro...

6.5CVSS7AI score0.55917EPSS

Exploits3

Zero Day Initiative•added 2017/05/18 12:0 a.m.•24 views

Hewlett Packard Enterprise Cloud Optimizer DownloadServlet Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Hewlett Packard Enterprise Cloud Optimizer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DownloadServlet servlet. The issue results from...

7.8CVSS7AI score0.03097EPSS

Exploits0References1

Zero Day Initiative•added 2016/01/25 12:0 a.m.•32 views

Oracle Application Testing Suite DownloadServlet exportFileName Parameter Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to exfiltrate arbitrary files on vulnerable installations of Oracle Application Testing Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DownloadServlet servlet. By providing an exportFileName...

7.8CVSS7.2AI score0.18296EPSS

Exploits0References1

Zero Day Initiative•added 2016/01/25 12:0 a.m.•23 views

Oracle Application Testing Suite DownloadServlet reportName Parameter Directory Traversal Information Disclosure Vulnerability

7.8CVSS7.3AI score0.02771EPSS

Exploits0References1

Zero Day Initiative•added 2016/01/25 12:0 a.m.•21 views

Oracle Application Testing Suite DownloadServlet reportName Parameter Directory Traversal Information Disclosure Vulnerability

7.8CVSS7.2AI score0.18296EPSS

Exploits0References1

Zero Day Initiative•added 2016/01/25 12:0 a.m.•17 views

Oracle Application Testing Suite DownloadServlet TMAPReportImage Parameter Directory Traversal Information Disclosure Vulnerability

7.8CVSS7.3AI score0.02378EPSS

Exploits0References1

Zero Day Initiative•added 2016/01/25 12:0 a.m.•25 views

Oracle Application Testing Suite DownloadServlet scriptPath Parameter Directory Traversal Information Disclosure Vulnerability

7.8CVSS7.3AI score0.02378EPSS

Exploits0References1

Zero Day Initiative•added 2016/01/25 12:0 a.m.•22 views

Oracle Application Testing Suite DownloadServlet scriptName Parameter Directory Traversal Information Disclosure Vulnerability

7.8CVSS7.3AI score0.02771EPSS

Exploits0References1

Zero Day Initiative•added 2016/01/25 12:0 a.m.•30 views

Oracle Application Testing Suite DownloadServlet scheduleReportName Parameter Directory Traversal Information Disclosure Vulnerability

7.8CVSS7.3AI score0.02378EPSS

Exploits0References1

Zero Day Initiative•added 2016/01/25 12:0 a.m.•30 views

Oracle Application Testing Suite DownloadServlet Multiple Parameter Directory Traversal Information Disclosure Vulnerability

7.8CVSS7.3AI score0.02771EPSS

Exploits0References1

NVD•added 2016/01/21 3:0 a.m.•13 views

CVE-2016-0486

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0480,...

5CVSS5.5AI score0.18296EPSS

Exploits0References4

OSV•added 2016/01/21 3:0 a.m.•1 views

CVE-2016-0481

5.9AI score0.02378EPSS

Exploits0References4

NVD•added 2016/01/21 3:0 a.m.•16 views

CVE-2016-0478

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0476 and...

5CVSS5.6AI score0.02771EPSS

Exploits0References4

OSV•added 2016/01/21 3:0 a.m.•1 views

CVE-2016-0478

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0476 and...

5.9AI score0.02771EPSS

Exploits0References4

Prion•added 2016/01/21 3:0 a.m.•18 views

Directory traversal

5CVSS5.8AI score0.18296EPSS

Exploits0References4Affected Software1

Prion•added 2016/01/21 3:0 a.m.•13 views

Directory traversal

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0476 and...

5CVSS5.8AI score0.02771EPSS

Exploits0References4Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by