9878 matches found
CVE-2001-0326
The CVE-2001-0326 entry concerns Oracle Java Virtual Machine (JVM) for Oracle 8.1.7 and Oracle Application Server 9iAS Release 1.0.2.0.1. Description in connected sources indicates an information disclosure vulnerability: remote attackers could read arbitrary files via the .jsp and .sqljsp extens...
Oracle Application Server ndwfn4.so HTTP Request Remote Overflow
It may be possible to make a web server execute arbitrary code by sending it an overly long URL starting with /jsp/. For example: GET /jsp/AAAA.....AAAAA (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(10654); script_version("1.27"); script_cvs_date("Date: 2018/07/16 14:09:13");...
Hole in Oracle Application Server (shared library buffer overflow)
Buffer overflow on a long request...
Oracle Application Server 4.0.8.2 - ndwfn4.so Buffer Overflow
Oracle Application Server 4.0.8.2 - ndwfn4.so Buffer Overflow source: https://www.securityfocus.com/bid/2569/info The shared library 'ndwfn4.so' that ships with Oracle Application Server is vulnerable to a buffer overflow. The library is used to handle web requests passed to it by the iPlanet web...
Oracle Application Server shared library buffer overflow
$Id: safer0016oasadvisory.txt,v 1.3 2001/03/27 10:27:16 vanja Exp $ S.A.F.E.R. Security Bulletin 0016 TITLE : Oracle Application Server shared library buffer overflow DATE : April 10, 2001 NATURE : Remote execution of code, Denial of Service AFFECTED : Oracle application server 4.0.8.2 + iWS...
Oracle Application Server 4.0.8.2 - ndwfn4.so Buffer Overflow
source: https://www.securityfocus.com/bid/2569/info The shared library 'ndwfn4.so' that ships with Oracle Application Server is vulnerable to a buffer overflow. The library is used to handle web requests passed to it by the iPlanet web server. If the library is sent a request longer than...
CHINANSL Security Advisory(CSA-200107)
Topic: IBM WCS 4.0.1 + Application Server 3.0.2 for Solaris 2.7 show ".jsp" source Vulnerability. vulnerable: Solaris 2.7 + IBM WCS 4.0, Application Server 3.0.2 discussion: follow URL insert "/" will be downloading ".jsp" source. exploits: http://target/index.jsp/ solution: to...
Oracle Application Server XSQL Stylesheet Arbitrary Java Code Execution
The Oracle XSQL Servlet allows arbitrary Java code to be executed by an attacker by supplying the URL of a malicious XSLT stylesheet when making a request to an XSQL page. #%NASL_MIN_LEVEL 70300 This script was written by Matt Moore. See the Nessus Scripts License for details. Changes by Tenable: -...
CVE-2000-1236
SQL injection vulnerability in modsql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the query string of the URL...
CVE-2000-1235
The default configurations of (1) the port listener and (2) modplsql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allow remote attackers to view privileged database information via HTTP requests for Database Access Descriptor (DAD) files...
Oracle WebDb engine brain-damage
Ladies and gentlemen, here's something tasty: // Standard disclaimer applies. This post expresses my personal beliefs // and convictions only. I am speaking as a private person. All the // statements have been provided for informative purposes only, and have // to be verified by the reader. NONE...
WebSphere application server plugin issue & vendor fix
I've had the opportunity to work with IBM WebSphere application server for a few months now and, in the course of playing around with some buffer overrun testing, a potential issue came up. WebSphere uses the HTTP Host: header to decide which WAS Virtual Host will service a particular request...
IBM Websphere Application Server 3.0.2 Server Plugin - Denial of Service
source: https://www.securityfocus.com/bid/1691/info Large amounts of data (i.e. 1092+ characters) in the Host: request header may cause the web server process to fault on signal 11 (SIGSEGV) or signal 10 (SIGBUS). GET /servletsnoop HTTP/1.0 Host: xxxxxxxxxxxxxxxxxxxxxxxx (1092+ characters) resulted in the...
IBM WebSphere JSP showcode vulnerability
Foundstone, Inc. http://www.foundstone.com "Securing the Dot Com World" Security Advisory IBM WebSphere Application Server ---------------------------------------------------------------------- FS Advisory ID: FS-061200-3-IBM Release Date: June 12, 2000 Product: WebSphere Application Server Vendo...
New Allaire ColdFusion DoS
Foundstone, Inc. http://www.foundstone.com "Securing the Dot Com World" Security Advisory Allaire's ColdFusion ---------------------------------------------------------------------------- --------- FS Advisory ID: FS-060700-1-CFM Release Date: June 7, 2000 Product: ColdFusion Web Application Serv...
CVE-1999-0477
The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm, which does not restrict access to the server properly...
oracle.iss.txt
-----BEGIN PGP SIGNED MESSAGE----- ISS Security Advisory November 10, 1999 Multiple Root Compromise Vulnerabilities in Oracle Application Server Synopsis: Internet Security Systems (ISS) X-Force has discovered multiple vulnerabilities in the Oracle Application Server (OAS) that may lead to local...
cfusion.txt
L0pht Security Advisory ------------- URL Origin: http://www.l0pht.com/advisories.html Release Date: April 20th, 1999 Application: Cold Fusion Application Server Severity: Web users can download, delete and even upload executable files to a Cold Fusion server. Access is not limited to files under...