87 matches found
Oracle Application Testing Suite (ATS) 12.4.0.2.0 - Authentication Bypass / Arbitrary File Upload
Exploit Title: Oracle Application Testing Suite Authentication Bypass and Arbitrary File Upload Remote Exploit Exploit Author: Zhou Yu Vendor Homepage: http://www.oracle.com/ Software Link: http://www.oracle.com/technetwork/oem/downloads/apptesting-downloads-1983826.html?ssSourceSiteId=otncn...
Oracle Application Testing Suite UploadFileAction fileType Directory Traversal (CVE-2016-0491)
A directory traversal vulnerability exists in Oracle Application Testing Suite. The vulnerability is due to insufficient input validation when processing HTTP request sent to URI "/olt/UploadFileUpload.do". A remote attacker can exploit this vulnerability by sending a malicious request to the...
Oracle Application Testing Suite DownloadServlet reportName Directory Traversal (CVE-2016-0476)
A directory traversal vulnerability has been reported in Oracle Load Testing component of Oracle Application Testing Suite. The vulnerability is caused due to improper handling of path names when downloading files via the Oracle Load Testing component. Unauthenticated remote attackers could explo...
Oracle Application Testing Suite ReportImage tempfilename Directory Traversal (CVE-2016-0489)
A directory traversal vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation in the Oracle Test Manager component while processing the HTTP request parameter tempfilename. A remote, authenticated attacker could exploit this...
Oracle Application Testing Suite UploadServlet filename Directory Traversal (CVE-2016-0490)
A directory path traversal vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation while processing the HTTP request header filename. A remote unauthenticated attacker can exploit this vulnerability by sending a malicious request to th...
Oracle Application Testing Suite DownloadServlet reportName Parameter Directory Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to exfiltrate arbitrary files on vulnerable installations of Oracle Application Testing Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DownloadServlet. By providing a reportName parameter containi...
Oracle Application Testing Suite DownloadServlet file Parameter Directory Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to exfiltrate arbitrary files on vulnerable installations of Oracle Application Testing Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DownloadServlet servlet. By providing a file parameter...
Oracle Application Testing Suite Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Application Testing Suite. The specific flaw exists within the isAllowedUrl function used for the admin pages. This function has a list of URI entries which do not require authentication...
Oracle Application Testing Suite DownloadServlet TMAPReportImage Parameter Directory Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to exfiltrate arbitrary files on vulnerable installations of Oracle Application Testing Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DownloadServlet servlet. By providing a TMAPReportImage...
Oracle Application Testing Suite DownloadServlet Multiple Parameter Directory Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to exfiltrate arbitrary files on vulnerable installations of Oracle Application Testing Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DownloadServlet. By providing repository, workspace, or...
Oracle Application Testing Suite DownloadServlet scheduleReportName Parameter Directory Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to exfiltrate arbitrary files on vulnerable installations of Oracle Application Testing Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DownloadServlet servlet. By providing a scheduleReportName...
Oracle Application Testing Suite Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Application Testing Suite. The specific flaw exists within the ActionServlet servlet. The process method for this servlet will bypass authentication if the URI starts with a specific string. ...
Oracle Application Testing Suite DownloadServlet exportFileName Parameter Directory Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to exfiltrate arbitrary files on vulnerable installations of Oracle Application Testing Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DownloadServlet servlet. By providing an exportFileName...
Oracle Application Testing Suite filename Header Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Application Testing Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UploadServlet servlet. By providing a filename header containing ...
Unspecified Vulnerability in Oracle Enterprise Manager Grid Control Oracle Application Testing Suite Test Manager for Web Apps Component (CNVD-2016-00704)
Oracle Enterprise Manager is an enhanced management suite for ORACLE Fusion endpoint software. An unspecified vulnerability in the Oracle Application Testing Suite Test Manager for Web Apps component of Oracle Enterprise Manager Grid Control allows remote attackers to exploit the vulnerability to...
CVE-2016-0491
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect integrity and availability via unknown vectors related to Load Testing for Web Apps. NOTE: the previous information is from...
CVE-2016-0485
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0480,...
CVE-2016-0482
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0480,...
CVE-2016-0480
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0481,...
CVE-2016-0478
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0476 and...