9878 matches found
Oracle Application Server Web Cache contains heap overflow vulnerability
Overview Oracle Application Server Web Cache contains a heap overflow vulnerability in the handling of client requests that could result in arbitrary code execution. Description The Oracle Web Cache acts as a reverse proxy, caching static and dynamic content generated from Oracle Application web...
Multiple Vendor SOAP server array DoS
///////////////////////////////////////////////////////////////////// //===================== Security Advisory =====================// ///////////////////////////////////////////////////////////////////// --------------------------------------------------------------------- ----- Multiple Vendor...
CVE-2004-1816
Unknown vulnerability in Sun Java System Application Server 7.0 Update 2 and earlier, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service memory consumption...
CVE-2003-1529
Directory traversal vulnerability in Seagull Software Systems J Walk application server 3.2C9, and other versions before 3.3c4, allows remote attackers to read arbitrary files via a ".%252e" encoded dot dot in the URL...
Multiple SQL Injection Vulnerabilities in Oracle Application Server 9i and RDBMS (#NISR05112003)
NGSSoftware Insight Security Research Advisory Name : Multiple Oracle Application Server SQL Injection Vulnerabilities Systems Affected: All OS platforms; Oracle9i Application Server Release 1 and 2 and RDBMS Severity : High Risk Vendor URL : http://www.oracle.com/ Author : David Litchfield...
CVE-2003-1193
Multiple SQL injection vulnerabilities in the Portal DB 1 List of Values LOVs, 2 Forms, 3 Hierarchy, and 4 XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL...
CVE-2003-0595
Buffer overflow in WiTango Application Server and Tango 2000 allows remote attackers to execute arbitrary code via a long cookie to WitangoUserReference...
CVE-2003-0595
WiTango Application Server and Tango 2000 are affected by a buffer overflow that can be triggered by a long cookie targeting the Witango_UserReference field, allowing remote execution of arbitrary code. The vulnerability is confirmed across multiple sources (NVD, Red Hat CVE, CVE.org), which desc...
PT-2003-1735 · Witango +1 · Witango Application Server +1
Name of the Vulnerable Software and Affected Versions: WiTango Application Server affected versions not specified Tango 2000 affected versions not specified Description: The issue allows remote attackers to execute arbitrary code via a long cookie to Witango UserReference. This is a buffer overfl...
Witango & Tango 2000 Application Server Remote System Buffer Overrun
NGSSoftware Insight Security Research Advisory Name: WiTango Application Server & Tango 2000 Systems Affected: Windows Severity: Critical Risk Category: Remote System Buffer Overrun Vendor URL: http://www.witango.com Author: Mark Litchfield [email protected] Date: 18th July 2003 Advisory numbe...
CVE-2003-0412
Sun ONE Application Server 7.0 for Windows 2000/XP does not log the complete URI of a long HTTP request, which could allow remote attackers to hide malicious activities...
CVE-2003-0413
Cross-site scripting XSS vulnerability in the webapps-simple sample application for 1 Sun ONE Application Server 7.0 for Windows 2000/XP or 2 Sun Java System Web Server 6.1 allows remote attackers to insert arbitrary web script or HTML via an HTTP request that generates an "Invalid JSP file" erro...
CVE-2003-0411
Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension...
CVE-2003-0414
The installation of Sun ONE Application Server 7.0 for Windows 2000/XP creates a statefile with world-readable permissions, which allows local users to gain privileges by reading a plaintext password in the statefile...
CVE-2003-0413
CVE-2003-0413 describes a cross-site scripting (XSS) vulnerability in the webapps-simple sample application used with Sun ONE Application Server 7.0 (Windows 2000/XP) or Sun Java System Web Server 6.1. The issue allows remote attackers to inject arbitrary web script/HTML via an HTTP request that ...
CVE-2003-0413
Cross-site scripting XSS vulnerability in the webapps-simple sample application for 1 Sun ONE Application Server 7.0 for Windows 2000/XP or 2 Sun Java System Web Server 6.1 allows remote attackers to insert arbitrary web script or HTML via an HTTP request that generates an "Invalid JSP file" erro...
CVE-2003-0414
The CVE-2003-0414 entry describes a vulnerability in Sun ONE Application Server 7.0 on Windows 2000/XP where a generated statefile is created with world-readable permissions. This allows a local attacker to read the plaintext password stored in the statefile, enabling privilege escalation or unau...
CVE-2003-0414
The installation of Sun ONE Application Server 7.0 for Windows 2000/XP creates a statefile with world-readable permissions, which allows local users to gain privileges by reading a plaintext password in the statefile...
CVE-2003-0411
Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension...
CVE-2003-0412
Sun ONE Application Server 7.0 for Windows 2000/XP does not log the complete URI of a long HTTP request, which could allow remote attackers to hide malicious activities...