10 matches found
Oracle HTTP Server - XSS Header Injection
No description provided by source. Oracle HTTP Server XSS Header Injection. Attack...
Oracle HTTP Server Header Cross Site Scripting
Oracle HTTP Server XSS Header Injection. Attack Pattern ID: CAPEC-86; CWE ID: CI-79...
Oracle HTTP Server XSS Header Injection
Exploit for multiple platform in category web applications. Attack Pattern ID: CAPEC-86; CWE ID: CI-79; OWASP IDs: A1-Injections, A2-Cross Site Scripting XSS; CVE ID: not yet; Related CVEs: CVE-2006-3918, CVE-2007-0275; A.K.A: Unfiltered Header Injection; Product Type: Application; Vendor: Oracle...
JVN#50837839 Oracle Application Server vulnerable to cross-site scripting
Oracle Application Server from Oracle is an application server. Oracle Application Server contains a cross-site scripting vulnerability. Impact: An arbitrary script may be executed on the user's web browser. Solution: Update the Software. Update to the latest version according to the information...
Directory traversal
Directory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to read arbitrary files via unknown vectors, probably ".." sequences in the beanId parameter. NOTE: this is likely a duplicate of another CVE that Oracle addressed...
CVE-2007-0222
CVE-2007-0222 is a directory traversal vulnerability in Oracle Application Server 10g (10.1.3.0.0) specifically in the EmChartBean server-side component. It allows remote, unauthenticated attackers to read arbitrary files outside the application root (likely via “..” in requests to the beanId par...
CVE-2007-0222
Directory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to read arbitrary files via unknown vectors, probably ".." sequences in the beanId parameter. NOTE: this is likely a duplicate of another CVE that Oracle addressed...
Oracle Enterprise Manager Agent buffer overflow
Added: 11/30/2005; CVE: CVE-2005-3460; BID: 15146; OSVDB: 20664. Background: Oracle Application Server 10g includes the emagent.exe program which listens for connections on port 1830/TCP by default. Problem: A buffer overflow vulnerability in emagent.exe could allow a remote attacker to execute arbitra...
Oracle Enterprise Manager Agent buffer overflow
Added: 11/30/2005; CVE: CVE-2005-3460; BID: 15146; OSVDB: 20664. Background: Oracle Application Server 10g includes the emagent.exe program which listens for connections on port 1830/TCP by default. Problem: A buffer overflow vulnerability in emagent.exe could allow a remote attacker to execute arbitra...
CVE-2004-1362
CVE-2004-1362 affects the PL/SQL module of the Oracle HTTP Server in Oracle Application Server 10g when using the WE8ISO8859P1 character set. The issue is a character conversion flaw that allows remote attackers to bypass access restrictions for certain procedures via an encoded URL containing “%...