
87 matches found

Exploit DB
added 2016/04/13 12:00 a.m. | 54 views

Oracle Application Testing Suite (ATS) 12.4.0.2.0 - Authentication Bypass / Arbitrary File Upload

Exploit Title: Oracle Application Testing Suite Authentication Bypass and Arbitrary File Upload Remote Exploit
Exploit Author: Zhou Yu
Vendor Homepage: http://www.oracle.com/
Software Link: http://www.oracle.com/technetwork/oem/downloads/apptesting-downloads-1983826.html?ssSourceSiteId=otncn...

CVSS 6.4 | AI score 7.5 | EPSS 0.92719
Exploits: 7

Check Point Advisories
added 2016/03/21 12:00 a.m. | 6 views

Oracle Application Testing Suite UploadFileAction fileType Directory Traversal (CVE-2016-0491)

A directory traversal vulnerability exists in Oracle Application Testing Suite. The vulnerability is due to insufficient input validation when processing HTTP request sent to URI "/olt/UploadFileUpload.do". A remote attacker can exploit this vulnerability by sending a malicious request to the...

CVSS 6.4 | AI score 2.3 | EPSS 0.8075
Exploits: 6

Check Point Advisories
added 2016/03/20 12:00 a.m. | 2 views

Oracle Application Testing Suite DownloadServlet reportName Directory Traversal (CVE-2016-0476)

A directory traversal vulnerability has been reported in Oracle Load Testing component of Oracle Application Testing Suite. The vulnerability is caused due to improper handling of path names when downloading files via the Oracle Load Testing component. Unauthenticated remote attackers could explo...

CVSS 5 | AI score 4 | EPSS 0.21922
Exploits: 0

Check Point Advisories
added 2016/03/14 12:00 a.m. | 11 views

Oracle Application Testing Suite ReportImage tempfilename Directory Traversal (CVE-2016-0489)

A directory traversal vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation in the Oracle Test Manager component while processing the HTTP request parameter tempfilename. A remote, authenticated attacker could exploit this...

CVSS 6.5 | AI score 2.1 | EPSS 0.54782
Exploits: 0

Check Point Advisories
added 2016/02/09 12:00 a.m. | 4 views

Oracle Application Testing Suite UploadServlet filename Directory Traversal (CVE-2016-0490)

A directory path traversal vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation while processing the HTTP request header filename. A remote unauthenticated attacker can exploit this vulnerability by sending a malicious request to th...

CVSS 6.4 | AI score 2.3 | EPSS 0.27444
Exploits: 0

Zero Day Initiative
added 2016/01/25 12:00 a.m. | 25 views

Oracle Application Testing Suite DownloadServlet reportName Parameter Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to exfiltrate arbitrary files on vulnerable installations of Oracle Application Testing Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DownloadServlet. By providing a reportName parameter containi...

CVSS 7.8 | AI score 7.3 | EPSS 0.21922
Exploits: 0 | References: 1

Zero Day Initiative
added 2016/01/25 12:00 a.m. | 29 views

Oracle Application Testing Suite DownloadServlet file Parameter Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to exfiltrate arbitrary files on vulnerable installations of Oracle Application Testing Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DownloadServlet servlet. By providing a file parameter...

CVSS 7.8 | AI score 7.3 | EPSS 0.21922
Exploits: 0 | References: 1

Zero Day Initiative
added 2016/01/25 12:00 a.m. | 38 views

Oracle Application Testing Suite Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Application Testing Suite. The specific flaw exists within the isAllowedUrl function used for the admin pages. This function has a list of URI entries which do not require authentication...

CVSS 7.5 | AI score 8.3 | EPSS 0.6531
Exploits: 0 | References: 1

Zero Day Initiative
added 2016/01/25 12:00 a.m. | 19 views

Oracle Application Testing Suite DownloadServlet TMAPReportImage Parameter Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to exfiltrate arbitrary files on vulnerable installations of Oracle Application Testing Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DownloadServlet servlet. By providing a TMAPReportImage...

CVSS 7.8 | AI score 7.3 | EPSS 0.21922
Exploits: 0 | References: 1

Zero Day Initiative
added 2016/01/25 12:00 a.m. | 33 views

Oracle Application Testing Suite DownloadServlet Multiple Parameter Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to exfiltrate arbitrary files on vulnerable installations of Oracle Application Testing Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DownloadServlet. By providing repository, workspace, or...

CVSS 7.8 | AI score 7.3 | EPSS 0.21922
Exploits: 0 | References: 1

Zero Day Initiative
added 2016/01/25 12:00 a.m. | 32 views

Oracle Application Testing Suite DownloadServlet scheduleReportName Parameter Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to exfiltrate arbitrary files on vulnerable installations of Oracle Application Testing Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DownloadServlet servlet. By providing a scheduleReportName...

CVSS 7.8 | AI score 7.3 | EPSS 0.21922
Exploits: 0 | References: 1

Zero Day Initiative
added 2016/01/25 12:00 a.m. | 31 views

Oracle Application Testing Suite Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Application Testing Suite. The specific flaw exists within the ActionServlet servlet. The process method for this servlet will bypass authentication if the URI starts with a specific string. ...

CVSS 7.5 | AI score 7.4 | EPSS 0.50888
Exploits: 0 | References: 1

Zero Day Initiative
added 2016/01/25 12:00 a.m. | 34 views

Oracle Application Testing Suite DownloadServlet exportFileName Parameter Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to exfiltrate arbitrary files on vulnerable installations of Oracle Application Testing Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DownloadServlet servlet. By providing an exportFileName...

CVSS 7.8 | AI score 7.2 | EPSS 0.27519
Exploits: 0 | References: 1

Zero Day Initiative
added 2016/01/25 12:00 a.m. | 37 views

Oracle Application Testing Suite filename Header Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Application Testing Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UploadServlet servlet. By providing a filename header containing ...

CVSS 10 | AI score 7.8 | EPSS 0.27444
Exploits: 0 | References: 1

CNVD
added 2016/01/23 12:00 a.m. | 4 views

Unspecified Vulnerability in Oracle Enterprise Manager Grid Control Oracle Application Testing Suite Test Manager for Web Apps Component (CNVD-2016-00704)

Oracle Enterprise Manager is an enhanced management suite for ORACLE Fusion endpoint software. An unspecified vulnerability in the Oracle Application Testing Suite Test Manager for Web Apps component of Oracle Enterprise Manager Grid Control allows remote attackers to exploit the vulnerability to...

CVSS 6.4 | AI score 9.1 | EPSS 0.6531
Exploits: 0 | References: 1

OSV
added 2016/01/21 3:00 a.m. | 3 views

CVE-2016-0491

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect integrity and availability via unknown vectors related to Load Testing for Web Apps. NOTE: the previous information is from...

AI score 6 | EPSS 0.8075
Exploits: 6 | References: 8

OSV
added 2016/01/21 3:00 a.m. | 4 views

CVE-2016-0485

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0480,...

AI score 5.9 | EPSS 0.27519
Exploits: 0 | References: 4

OSV
added 2016/01/21 3:00 a.m. | 3 views

CVE-2016-0482

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0480,...

AI score 5.9
Exploits: 0 | References: 4

OSV
added 2016/01/21 3:00 a.m. | 3 views

CVE-2016-0480

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0481,...

AI score 5.9 | EPSS 0.21922
Exploits: 0 | References: 4

OSV
added 2016/01/21 3:00 a.m. | 3 views

CVE-2016-0478

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0476 and...

AI score 5.9 | EPSS 0.21922
Exploits: 0 | References: 4