Lucene search
K

9878 matches found

Cvelist
Cvelist
added 2003/06/11 4:0 a.m.22 views

CVE-2003-0413

Cross-site scripting XSS vulnerability in the webapps-simple sample application for 1 Sun ONE Application Server 7.0 for Windows 2000/XP or 2 Sun Java System Web Server 6.1 allows remote attackers to insert arbitrary web script or HTML via an HTTP request that generates an "Invalid JSP file" erro...

5.8AI score0.06739EPSS
Exploits1References9
CVE
CVE
added 2003/06/11 4:0 a.m.63 views

CVE-2003-0413

CVE-2003-0413 describes a cross-site scripting (XSS) vulnerability in the webapps-simple sample application used with Sun ONE Application Server 7.0 (Windows 2000/XP) or Sun Java System Web Server 6.1. The issue allows remote attackers to inject arbitrary web script/HTML via an HTTP request that ...

6.8CVSS6.1AI score0.06739EPSS
Exploits1References9Affected Software1
Packet Storm
Packet Storm
added 2003/05/28 12:0 a.m.35 views

sunone.txt

Multiple Vulnerabilities in Sun-One Application Server ------------------------------------------------------- Release Date: May 27, 2003 System Affected Sun-ONE Application Server 7.0 for Windows 2000/XP Description During a brief audit of a SunONE Application Server installation on Windows 2000...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2003/05/28 12:0 a.m.28 views

Multiple Vulnerabilities in Sun-One Application Server

Multiple Vulnerabilities in Sun-One Application Server ------------------------------------------------------- Release Date: May 27, 2003 System Affected Sun-ONE Application Server 7.0 for Windows 2000/XP Description During a brief audit of a SunONE Application Server installation on Windows 2000...

6.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2003/05/28 12:0 a.m.151 views

Sun ONE Application Server Upper Case Request JSP Source Disclosure

It is possible to make the remote web server disclose the source code of its JSP pages by requesting the pages with a different case ie: filename.JSP instead of filename.jsp. An attacker may use this flaw to get the source code of your CGIs and possibly obtain passwords and other relevant...

7.5CVSS5.6AI score0.27069EPSS
Exploits1References1
exploitpack
exploitpack
added 2003/05/27 12:0 a.m.20 views

Sun ONE Application Server 7.0 - Error Message Cross-Site Scripting

Sun ONE Application Server 7.0 - Error Message Cross-Site Scripting source: https://www.securityfocus.com/bid/7710/info Sun ONE Application Server has been reported prone to a cross-site scripting vulnerability. Sun ONE Application Server does not adequately filter script code from URL parameters...

Exploits0
exploitpack
exploitpack
added 2003/05/27 12:0 a.m.11 views

Sun ONE Application Server 7.0 - Source Disclosure

Sun ONE Application Server 7.0 - Source Disclosure source: https://www.securityfocus.com/bid/7709/info Sun ONE Application Server is prone to a source code disclosure vulnerability. This issue is due to handling of case in requests for resources. By changing the case of a file extension, the serv...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2003/05/27 12:0 a.m.28 views

Sun ONE Application Server 7.0 - Error Message Cross-Site Scripting

source: https://www.securityfocus.com/bid/7710/info Sun ONE Application Server has been reported prone to a cross-site scripting vulnerability. Sun ONE Application Server does not adequately filter script code from URL parameters, making it prone to cross-site scripting attacks. Attacker-supplied...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2003/05/27 12:0 a.m.32 views

Sun ONE Application Server 7.0 - Source Disclosure

source: https://www.securityfocus.com/bid/7709/info Sun ONE Application Server is prone to a source code disclosure vulnerability. This issue is due to handling of case in requests for resources. By changing the case of a file extension, the server may fail to interpret the script and instead ser...

7.4AI score
Exploits0
CVE
CVE
added 2003/04/02 5:0 a.m.56 views

CVE-2002-0569

CVE-2002-0569 affects Oracle 9i Application Server via the XSQLServlet, enabling remote authentication bypass to access configuration files. The core issue is bypassing access restrictions on configuration files through direct requests to XSQLServlet, leading to potential exposure of sensitive fi...

7.5CVSS9.1AI score0.1893EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2003/04/02 5:0 a.m.309 views

CVE-2001-1371

The CVE-2001-1371 entry concerns Oracle 9iAS (Oracle Application Server 9iAS) where SOAP is enabled by default (version 1.0.2.2), allowing anonymous remote deployment of SOAP services via urn:soap-service-manager and urn:soap-provider-manager. The connected OpenVAS/Nessus/NVD references corrobora...

7.5CVSS9AI score0.12299EPSS
Exploits1References7Affected Software1
Cvelist
Cvelist
added 2003/04/02 5:0 a.m.29 views

CVE-2002-0569

Oracle 9i Application Server allows remote attackers to bypass access restrictions for configuration files via a direct request to the XSQL Servlet XSQLServlet...

9.1AI score0.1893EPSS
Exploits0References6
Cvelist
Cvelist
added 2003/04/02 5:0 a.m.35 views

CVE-2001-1372

Oracle 9i Application Server 1.0.2 allows remote attackers to obtain the physical path of a file under the server root via a request for a non-existent .JSP file, which leaks the pathname in an error message...

8.8AI score0.06483EPSS
Exploits1References8
Cvelist
Cvelist
added 2003/04/02 5:0 a.m.31 views

CVE-2001-1371

The default configuration of Oracle Application Server 9iAS 1.0.2.2 enables SOAP and allows anonymous users to deploy applications by default via urn:soap-service-manager and urn:soap-provider-manager...

9AI score0.12299EPSS
Exploits1References7
CVE
CVE
added 2003/04/02 5:0 a.m.141 views

CVE-2001-1372

CVE-2001-1372 affects Oracle 9i Application Server (AS) 1.0.2. It enables an attacker to disclose the server’s physical webroot path by requesting a non-existent .JSP file, because the default error message leaks the pathname. The vulnerability is a information disclosure issue, with CVSS-like co...

5CVSS8.8AI score0.06483EPSS
Exploits1References8Affected Software1
Tenable Nessus
Tenable Nessus
added 2003/03/25 12:0 a.m.243 views

J Walk Application Server Encoded Directory Traversal Arbitrary File Access

The version of J Walk running on the remote host has a directory traversal vulnerability. It is possible to read arbitrary files by prepending '.%252e/.%2523' to a filename. A remote attacker could exploit this to read sensitive information that might be used to mount further attacks. %NASLMINLEV...

5CVSS5.8AI score0.01838EPSS
Exploits0References2
NVD
NVD
added 2003/03/18 5:0 a.m.13 views

CVE-2002-0387

Buffer overflow in gxnsapi6.dll NSAPI plugin of the Connector Module for Sun ONE Application Server before 6.5 allows remote attackers to execute arbitrary code via a long HTTP request URL...

7.5CVSS8AI score0.0317EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2003/03/16 12:0 a.m.25 views

Sun ONE (iPlanet) Application Server Detection

The remote host is running Sun ONE Application Server formerly known as iPlanet Application Server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include"compat.inc"; ifdescription scriptid11402; scriptversion"1.19";...

5.5AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2003/03/16 12:0 a.m.20 views

iPlanet Application Server Prefix Remote Overflow

The remote Sun ONE Application Server formerly known as iPlanet Application Server is vulnerable to a buffer overflow when a user provides a long buffer after the application service prefix, as in GET /AppServerPrefix/long buffer An attacker may use this flaw to execute arbitrary code on this hos...

7.5CVSS6.6AI score0.0317EPSS
Exploits0References2
securityvulns
securityvulns
added 2003/03/14 12:0 a.m.34 views

Sun One Application Server buffer overflow

Buffer overflow on oversized URI in connector module...

4.8AI score
Exploits0References1Affected Software1
Rows per page
Query Builder