Lucene search

9878 matches found

CERT
added 2004/03/22 12:0 a.m. · 36 views

Oracle Application Server Web Cache contains heap overflow vulnerability

Overview: Oracle Application Server Web Cache contains a heap overflow vulnerability in the handling of client requests that could result in arbitrary code execution. Description: The Oracle Web Cache acts as a reverse proxy, caching static and dynamic content generated from Oracle Application web...

CVSS 10 · AI score 7.4 · EPSS 0.15501
Exploits 0 · References 7

securityvulns
added 2004/03/16 12:0 a.m. · 68 views

Multiple Vendor SOAP server array DoS

Security Advisory: Multiple Vendor...

AI score 1.1
Exploits 0

NVD
added 2004/03/15 5:0 a.m. · 12 views

CVE-2004-1816

Unknown vulnerability in Sun Java System Application Server 7.0 Update 2 and earlier, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption)...

CVSS 5 · AI score 6.7 · EPSS 0.02632
Exploits 0 · References 6

NVD
added 2003/12/31 5:0 a.m. · 13 views

CVE-2003-1529

Directory traversal vulnerability in Seagull Software Systems J Walk application server 3.2C9, and other versions before 3.3c4, allows remote attackers to read arbitrary files via a ".%252e" encoded dot dot in the URL...

CVSS 5 · AI score 6.7 · EPSS 0.01838
Exploits 0 · References 7

securityvulns
added 2003/11/10 12:0 a.m. · 29 views

Multiple SQL Injection Vulnerabilities in Oracle Application Server 9i and RDBMS (#NISR05112003)

NGSSoftware Insight Security Research Advisory
Name: Multiple Oracle Application Server SQL Injection Vulnerabilities
Systems Affected: All OS platforms; Oracle9i Application Server Release 1 and 2 and RDBMS
Severity: High Risk
Vendor URL: http://www.oracle.com/
Author: David Litchfield...

AI score 0.3
Exploits 0

NVD
added 2003/11/03 5:0 a.m. · 20 views

CVE-2003-1193

Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL...

CVSS 7.5 · AI score 8.1 · EPSS 0.01756
Exploits 0 · References 4

NVD
added 2003/08/27 4:0 a.m. · 15 views

CVE-2003-0595

Buffer overflow in WiTango Application Server and Tango 2000 allows remote attackers to execute arbitrary code via a long cookie to Witango_UserReference...

CVSS 7.5 · AI score 7.9 · EPSS 0.07779
Exploits 1 · References 1

CVE
added 2003/07/25 4:0 a.m. · 52 views

CVE-2003-0595

WiTango Application Server and Tango 2000 are affected by a buffer overflow that can be triggered by a long cookie targeting the Witango_UserReference field, allowing remote execution of arbitrary code. The vulnerability is confirmed across multiple sources (NVD, Red Hat CVE, CVE.org), which desc...

CVSS 7.5 · AI score 8.3 · EPSS 0.07779
Exploits 1 · References 1 · Affected Software 1

Positive Technologies
added 2003/07/25 12:0 a.m. · 3 views

PT-2003-1735 · Witango +1 · Witango Application Server +1

Name of the Vulnerable Software and Affected Versions: WiTango Application Server (affected versions not specified); Tango 2000 (affected versions not specified)
Description: The issue allows remote attackers to execute arbitrary code via a long cookie to Witango UserReference. This is a buffer overfl...

CVSS 7.5 · AI score 7.9 · EPSS 0.07779
Exploits 1 · References 4

securityvulns
added 2003/07/18 12:0 a.m. · 25 views

Witango & Tango 2000 Application Server Remote System Buffer Overrun

NGSSoftware Insight Security Research Advisory
Name: WiTango Application Server & Tango 2000
Systems Affected: Windows
Severity: Critical Risk
Category: Remote System Buffer Overrun
Vendor URL: http://www.witango.com
Author: Mark Litchfield
Date: 18th July 2003
Advisory numbe...

AI score 0.2
Exploits 0

NVD
added 2003/06/30 4:0 a.m. · 13 views

CVE-2003-0412

Sun ONE Application Server 7.0 for Windows 2000/XP does not log the complete URI of a long HTTP request, which could allow remote attackers to hide malicious activities...

CVSS 5 · AI score 6.7 · EPSS 0.01733
Exploits 0 · References 6

NVD
added 2003/06/30 4:0 a.m. · 19 views

CVE-2003-0413

Cross-site scripting (XSS) vulnerability in the webapps-simple sample application for (1) Sun ONE Application Server 7.0 for Windows 2000/XP or (2) Sun Java System Web Server 6.1 allows remote attackers to insert arbitrary web script or HTML via an HTTP request that generates an "Invalid JSP file" erro...

CVSS 6.8 · AI score 5.8 · EPSS 0.06739
Exploits 1 · References 9

NVD
added 2003/06/30 4:0 a.m. · 20 views

CVE-2003-0411

Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension...

CVSS 7.5 · AI score 7.6 · EPSS 0.27069
Exploits 1 · References 7

NVD
added 2003/06/30 4:0 a.m. · 14 views

CVE-2003-0414

The installation of Sun ONE Application Server 7.0 for Windows 2000/XP creates a statefile with world-readable permissions, which allows local users to gain privileges by reading a plaintext password in the statefile...

CVSS 7.2 · AI score 6.7 · EPSS 0.00377
Exploits 0 · References 7

CVE
added 2003/06/11 4:0 a.m. · 62 views

CVE-2003-0413

CVE-2003-0413 describes a cross-site scripting (XSS) vulnerability in the webapps-simple sample application used with Sun ONE Application Server 7.0 (Windows 2000/XP) or Sun Java System Web Server 6.1. The issue allows remote attackers to inject arbitrary web script/HTML via an HTTP request that ...

CVSS 6.8 · AI score 6.1 · EPSS 0.06739
Exploits 1 · References 9 · Affected Software 1

Cvelist
added 2003/06/11 4:0 a.m. · 21 views

CVE-2003-0413

Cross-site scripting (XSS) vulnerability in the webapps-simple sample application for (1) Sun ONE Application Server 7.0 for Windows 2000/XP or (2) Sun Java System Web Server 6.1 allows remote attackers to insert arbitrary web script or HTML via an HTTP request that generates an "Invalid JSP file" erro...

AI score 5.8 · EPSS 0.06739
Exploits 1 · References 9

CVE
added 2003/06/11 4:0 a.m. · 55 views

CVE-2003-0414

The CVE-2003-0414 entry describes a vulnerability in Sun ONE Application Server 7.0 on Windows 2000/XP where a generated statefile is created with world-readable permissions. This allows a local attacker to read the plaintext password stored in the statefile, enabling privilege escalation or unau...

CVSS 7.2 · AI score 7.1 · EPSS 0.00377
Exploits 0 · References 7 · Affected Software 1

Cvelist
added 2003/06/11 4:0 a.m. · 17 views

CVE-2003-0414

The installation of Sun ONE Application Server 7.0 for Windows 2000/XP creates a statefile with world-readable permissions, which allows local users to gain privileges by reading a plaintext password in the statefile...

AI score 6.7 · EPSS 0.00377
Exploits 0 · References 7

Cvelist
added 2003/06/11 4:0 a.m. · 25 views

CVE-2003-0411

Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension...

AI score 7.6 · EPSS 0.27069
Exploits 1 · References 7

Cvelist
added 2003/06/11 4:0 a.m. · 18 views

CVE-2003-0412

Sun ONE Application Server 7.0 for Windows 2000/XP does not log the complete URI of a long HTTP request, which could allow remote attackers to hide malicious activities...

AI score 6.7 · EPSS 0.01733
Exploits 0 · References 6