27 matches found
EUVD-2018-8742
Malware in sbrugna...
EUVD-2018-8740
Malware in sbrugna...
EUVD-2018-8747
Malware in sbrugna...
EUVD-2018-8743
Malware in sbrugna...
Oracle WebCenter Interaction Portal AjaxControl Component Denial of Service Vulnerability
Oracle WebCenter Interaction is an Oracle suite for creating enterprise portals, collaborative communities, portfolio applications, and social applications.Oracle WebCenter Interaction Portal is an administrative interface.AjaxControl AjaxControl is one of the Ajax control components. A denial of...
CVE-2018-16959
An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The portal component is delivered with an insecure default User Profile community configuration that allows anonymous users to retrieve the account names of all portal users via /portal/server.pt/user/user/ requests. When WCI ...
CVE-2018-16958
An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The ASP.NETSessionID primary session cookie, when Internet Information Services IIS with ASP.NET is used, is not protected with the HttpOnly attribute. The attribute cannot be enabled by customers. Consequently, this cookie is...
CVE-2018-16958
An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The ASP.NETSessionID primary session cookie, when Internet Information Services IIS with ASP.NET is used, is not protected with the HttpOnly attribute. The attribute cannot be enabled by customers. Consequently, this cookie is...
CVE-2018-16954
An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The login function of the portal is vulnerable to insecure redirection also called an open redirect. The inhiredirect parameter is not validated by the application after a successful login. NOTE: this CVE is assigned by MITRE...
Hardcoded credentials
The Oracle WebCenter Interaction 10.3.3 search service queryd.exe binary is compiled with the i1g2s3c4 hardcoded password. Authentication to the Oracle WCI search service uses this hardcoded password and cannot be customised by customers. An adversary able to access this service over a network...
Cross site request forgery (csrf)
The Oracle WebCenter Interaction Portal 10.3.3 does not implement protection against Cross-site Request Forgery in its design. The impact is sensitive actions in the portal such as changing a portal user's password. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle...
CVE-2018-16953
The AjaxView::DisplayResponse function of the portalpages.dll assembly in Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to reflected cross-site scripting XSS. User input from the name parameter is unsafely reflected in the server response. NOTE: this CVE is assigned by MITRE and isn't...
CVE-2018-16952
The Oracle WebCenter Interaction Portal 10.3.3 does not implement protection against Cross-site Request Forgery in its design. The impact is sensitive actions in the portal such as changing a portal user's password. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle...
Design/Logic Flaw
An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The portal component is delivered with an insecure default User Profile community configuration that allows anonymous users to retrieve the account names of all portal users via /portal/server.pt/user/user/ requests. When WCI ...
Buffer overflow
The AjaxControl component of Oracle WebCenter Interaction Portal 10.3.3 does not validate the names of pages when processing page rename requests. Pages can be renamed to include characters unsupported for URIs by the web server hosting the WCI Portal software such as IIS. Renaming pages to inclu...
CVE-2018-16952
The Oracle WebCenter Interaction Portal 10.3.3 does not implement protection against Cross-site Request Forgery in its design. The impact is sensitive actions in the portal such as changing a portal user's password. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle...
CVE-2018-16955
The login function of Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to reflected cross-site scripting XSS. The content of the inhiredirect parameter, when prefixed with the https:// scheme, is unsafely reflected in a HTML META tag in the HTTP response. NOTE: this CVE is assigned by MIT...
Buffer overflow
An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The ASP.NETSessionID primary session cookie, when Internet Information Services IIS with ASP.NET is used, is not protected with the HttpOnly attribute. The attribute cannot be enabled by customers. Consequently, this cookie is...
Open redirect
An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The login function of the portal is vulnerable to insecure redirection also called an open redirect. The inhiredirect parameter is not validated by the application after a successful login. NOTE: this CVE is assigned by MITRE...
CVE-2018-16958
Oracle WebCenter Interaction Portal 10.3.3 is affected. ASP.NET_SessionID cookie used with IIS/ASP.NET is not protected by HttpOnly, and customers cannot enable the attribute. This exposes the cookie to session hijacking if JavaScript runs in the portal origin. No explicit fix/mitigation is provi...