9878 matches found
CVE-2003-0413
Cross-site scripting XSS vulnerability in the webapps-simple sample application for 1 Sun ONE Application Server 7.0 for Windows 2000/XP or 2 Sun Java System Web Server 6.1 allows remote attackers to insert arbitrary web script or HTML via an HTTP request that generates an "Invalid JSP file" erro...
CVE-2003-0413
CVE-2003-0413 describes a cross-site scripting (XSS) vulnerability in the webapps-simple sample application used with Sun ONE Application Server 7.0 (Windows 2000/XP) or Sun Java System Web Server 6.1. The issue allows remote attackers to inject arbitrary web script/HTML via an HTTP request that ...
sunone.txt
Multiple Vulnerabilities in Sun-One Application Server ------------------------------------------------------- Release Date: May 27, 2003 System Affected Sun-ONE Application Server 7.0 for Windows 2000/XP Description During a brief audit of a SunONE Application Server installation on Windows 2000...
Multiple Vulnerabilities in Sun-One Application Server
Multiple Vulnerabilities in Sun-One Application Server ------------------------------------------------------- Release Date: May 27, 2003 System Affected Sun-ONE Application Server 7.0 for Windows 2000/XP Description During a brief audit of a SunONE Application Server installation on Windows 2000...
Sun ONE Application Server Upper Case Request JSP Source Disclosure
It is possible to make the remote web server disclose the source code of its JSP pages by requesting the pages with a different case ie: filename.JSP instead of filename.jsp. An attacker may use this flaw to get the source code of your CGIs and possibly obtain passwords and other relevant...
Sun ONE Application Server 7.0 - Error Message Cross-Site Scripting
Sun ONE Application Server 7.0 - Error Message Cross-Site Scripting source: https://www.securityfocus.com/bid/7710/info Sun ONE Application Server has been reported prone to a cross-site scripting vulnerability. Sun ONE Application Server does not adequately filter script code from URL parameters...
Sun ONE Application Server 7.0 - Source Disclosure
Sun ONE Application Server 7.0 - Source Disclosure source: https://www.securityfocus.com/bid/7709/info Sun ONE Application Server is prone to a source code disclosure vulnerability. This issue is due to handling of case in requests for resources. By changing the case of a file extension, the serv...
Sun ONE Application Server 7.0 - Error Message Cross-Site Scripting
source: https://www.securityfocus.com/bid/7710/info Sun ONE Application Server has been reported prone to a cross-site scripting vulnerability. Sun ONE Application Server does not adequately filter script code from URL parameters, making it prone to cross-site scripting attacks. Attacker-supplied...
Sun ONE Application Server 7.0 - Source Disclosure
source: https://www.securityfocus.com/bid/7709/info Sun ONE Application Server is prone to a source code disclosure vulnerability. This issue is due to handling of case in requests for resources. By changing the case of a file extension, the server may fail to interpret the script and instead ser...
CVE-2002-0569
CVE-2002-0569 affects Oracle 9i Application Server via the XSQLServlet, enabling remote authentication bypass to access configuration files. The core issue is bypassing access restrictions on configuration files through direct requests to XSQLServlet, leading to potential exposure of sensitive fi...
CVE-2001-1371
The CVE-2001-1371 entry concerns Oracle 9iAS (Oracle Application Server 9iAS) where SOAP is enabled by default (version 1.0.2.2), allowing anonymous remote deployment of SOAP services via urn:soap-service-manager and urn:soap-provider-manager. The connected OpenVAS/Nessus/NVD references corrobora...
CVE-2002-0569
Oracle 9i Application Server allows remote attackers to bypass access restrictions for configuration files via a direct request to the XSQL Servlet XSQLServlet...
CVE-2001-1372
Oracle 9i Application Server 1.0.2 allows remote attackers to obtain the physical path of a file under the server root via a request for a non-existent .JSP file, which leaks the pathname in an error message...
CVE-2001-1371
The default configuration of Oracle Application Server 9iAS 1.0.2.2 enables SOAP and allows anonymous users to deploy applications by default via urn:soap-service-manager and urn:soap-provider-manager...
CVE-2001-1372
CVE-2001-1372 affects Oracle 9i Application Server (AS) 1.0.2. It enables an attacker to disclose the server’s physical webroot path by requesting a non-existent .JSP file, because the default error message leaks the pathname. The vulnerability is a information disclosure issue, with CVSS-like co...
J Walk Application Server Encoded Directory Traversal Arbitrary File Access
The version of J Walk running on the remote host has a directory traversal vulnerability. It is possible to read arbitrary files by prepending '.%252e/.%2523' to a filename. A remote attacker could exploit this to read sensitive information that might be used to mount further attacks. %NASLMINLEV...
CVE-2002-0387
Buffer overflow in gxnsapi6.dll NSAPI plugin of the Connector Module for Sun ONE Application Server before 6.5 allows remote attackers to execute arbitrary code via a long HTTP request URL...
Sun ONE (iPlanet) Application Server Detection
The remote host is running Sun ONE Application Server formerly known as iPlanet Application Server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include"compat.inc"; ifdescription scriptid11402; scriptversion"1.19";...
iPlanet Application Server Prefix Remote Overflow
The remote Sun ONE Application Server formerly known as iPlanet Application Server is vulnerable to a buffer overflow when a user provides a long buffer after the application service prefix, as in GET /AppServerPrefix/long buffer An attacker may use this flaw to execute arbitrary code on this hos...
Sun One Application Server buffer overflow
Buffer overflow on oversized URI in connector module...