87 matches found
The vulnerability of the Oracle Application Testing Suite’s Load Testing for Web Apps component within the Oracle Enterprise Manager software platform allows a perpetrator to gain unauthorized access to protected information or cause service failures.
The vulnerability of the Oracle Application Testing Suite’s Load Testing for Web Apps component is related to insufficient access control. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information or cause service failures using the HTTP...
The vulnerability of the Oracle Application Testing Suite’s Load Testing for Web Apps component within the Oracle Enterprise Manager software platform allows a malicious actor to gain unauthorized access to protected data or cause service failures.
The vulnerability of the Oracle Application Testing Suite’s Load Testing for Web Apps component is related to access control deficiencies. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected data or cause service failures using the HTTP protocol...
Oracle Application Testing Suite Detection (Windows SMB Login)
SMB login-based detection of Oracle Application Testing Suite. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
CVE-2018-3304
Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite (subcomponent: Load Testing for Web Apps). Supported versions that are affected are 12.5.0.3, 13.1.0.1, 13.2.0.1 and 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker...
SRC-2019-0014 : Oracle Application Testing Suite UploadServlet External Entity Injection Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Oracle Application Testing Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UploadServlet servlet. Due to the...
OWASP AntiSamy CVE-2017-14735 Cross Site Scripting Vulnerability
Description: OWASP AntiSamy is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the...
Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
Description: Apache Log4j is prone to a remote code-execution vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. Apache Log4j 2.0-alpha1 through 2.8.1 ar...
Oracle Application Testing Suite Detection
Detects the installed version of Oracle Application Testing Suite. This script sends an HTTP GET request and tries to get the version from the response. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the...
Novell NetIQ Sentinel CVE-2016-1000031 Remote Code Execution Vulnerability
Description: Novell NetIQ Sentinel is prone to a security vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Novell NetIQ Sentinel versions 7.4x are vulnerable. Technologies Affected: Apache Commons FileUpload 1.0...
Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
Description: Apache MyFaces Trinidad is prone to a security vulnerability. Successfully exploiting this issue allows attackers to obtain sensitive information or execute arbitrary code in the context of the affected application. Apache MyFaces Trinidad 1.2.14-core, 1.0.13-core, 2.0.1-core and...
Oracle Application Testing Suite (ATS) - Arbitrary File Upload (Metasploit)
Exploit for Java platform in category remote exploits. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle ATS Arbitrary File Upload', 'Description' = %q This module exploits an authentication...
Oracle ATS DownloadServlet scriptName Directory Traversal (CVE-2016-0478)
A directory traversal vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation while processing HTTP requests to the "/olt/download" URI with parameter scriptName. A remote unauthenticated attacker can exploit this vulnerability by...
Oracle Application Testing Suite DownloadServlet file Directory Traversal (CVE-2016-0482)
A directory traversal vulnerability exists in Oracle Application Testing Suite. The vulnerability is due to insufficient input validation while processing HTTP requests to the "/otm/download" URI with the "file" parameter. A remote unauthenticated attacker can exploit this vulnerability by sendin...
Oracle Application Testing Suite Java Object Deserialization RCE (April 2016 CPU)
The version of Oracle Application Testing Suite installed on the remote host is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections (ACC) library. An unauthenticated, remote attacker can exploit this, by...
Oracle ATS DownloadServlet exportFileName Directory Traversal (CVE-2016-0486)
A directory traversal vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation while processing HTTP requests to the "/otm/download" URI with parameter exportFileName. A remote unauthenticated attacker can exploit this vulnerability by...
Oracle ATS DownloadServlet TMAPReportImage Directory Traversal (CVE-2016-0480)
A directory traversal vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation while processing HTTP requests to the "/otm/download" URI with parameter TMAPReportImage. A remote unauthenticated attacker can exploit this vulnerability by...
Oracle ATS DownloadServlet scheduleReportName Directory Traversal (CVE-2016-0481)
A directory traversal vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation while processing HTTP requests to the "/otm/download" URI with parameter scheduleReportName. A remote unauthenticated attacker can exploit this vulnerability...
Oracle ATS DownloadServlet OTM reportName Directory Traversal (CVE-2016-0485)
A directory traversal vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation while processing HTTP requests to the "/otm/download" URI with parameter reportName. A remote unauthenticated attacker can exploit this vulnerability by sendi...
Oracle Application Testing Suite Login Bypass and Arbitrary File Upload Vulnerabilities
No description provided by source...
Oracle Application Testing Suite DownloadServlet scenario Directory Traversal (CVE-2016-0477)
A directory traversal vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation while processing HTTP requests to the "/olt/download" URI. A remote unauthenticated attacker can exploit this vulnerability by sending a malicious...