Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

226 matches found

Zero Day Initiative
Zero Day Initiativeadded 2016/01/25 12:0 a.m.35 views

Oracle Application Testing Suite filename Header Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Application Testing Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UploadServlet servlet. By providing a filename header containing ...

10CVSS7.8AI score0.17876EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiativeadded 2016/01/25 12:0 a.m.36 views

Oracle Application Testing Suite Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Application Testing Suite. The specific flaw exists within the isAllowedUrl function used for the admin pages. This function has a list of URI entries which do not require authentication...

7.5CVSS8.3AI score0.2134EPSS
Exploits4References1
Zero Day Initiative
Zero Day Initiativeadded 2016/01/25 12:0 a.m.30 views

Oracle Application Testing Suite Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Application Testing Suite. The specific flaw exists within the ActionServlet servlet. The process method for this servlet will bypass authentication if the URI starts with a specific string. ...

7.5CVSS7.4AI score0.2134EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiativeadded 2016/01/25 12:0 a.m.36 views

Oracle Application Testing Suite UploadFileAction Servlet Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Application Testing Suite. Authentication is required but can be bypassed. The specific vulnerability is in the UploadFileAction servlet. By providing a fileType parameter of "", an attacker...

9CVSS7.8AI score0.88432EPSS
Exploits6References1
Zero Day Initiative
Zero Day Initiativeadded 2016/01/25 12:0 a.m.28 views

Oracle Application Testing Suite DownloadServlet file Parameter Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to exfiltrate arbitrary files on vulnerable installations of Oracle Application Testing Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DownloadServlet servlet. By providing a file parameter...

7.8CVSS7.3AI score0.02378EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiativeadded 2016/01/25 12:0 a.m.24 views

Oracle Application Testing Suite DownloadServlet reportName Parameter Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to exfiltrate arbitrary files on vulnerable installations of Oracle Application Testing Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DownloadServlet servlet. By providing a reportName parameter...

7.8CVSS7.2AI score0.18296EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiativeadded 2016/01/25 12:0 a.m.24 views

Oracle Application Testing Suite DownloadServlet reportName Parameter Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to exfiltrate arbitrary files on vulnerable installations of Oracle Application Testing Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DownloadServlet. By providing a reportName parameter containi...

7.8CVSS7.3AI score0.02771EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiativeadded 2016/01/25 12:0 a.m.31 views

Oracle Application Testing Suite DownloadServlet scriptPath Parameter Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to exfiltrate arbitrary files on vulnerable installations of Oracle Application Testing Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DownloadServlet servlet. By providing a scriptPath parameter...

7.8CVSS7.3AI score0.02378EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiativeadded 2016/01/25 12:0 a.m.18 views

Oracle Application Testing Suite DownloadServlet TMAPReportImage Parameter Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to exfiltrate arbitrary files on vulnerable installations of Oracle Application Testing Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DownloadServlet servlet. By providing a TMAPReportImage...

7.8CVSS7.3AI score0.02378EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiativeadded 2016/01/25 12:0 a.m.23 views

Oracle Application Testing Suite DownloadServlet scriptName Parameter Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to exfiltrate arbitrary files on vulnerable installations of Oracle Application Testing Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DownloadServlet. By providing a scriptName parameter containi...

7.8CVSS7.3AI score0.02771EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiativeadded 2016/01/25 12:0 a.m.74 views

Oracle Application Testing Suite Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Application Testing Suite. The specific flaw exists within the isAllowedUrl function. This function has a list of URI entries which do not require authentication. Because the function only...

7.5CVSS7.7AI score0.91458EPSS
Exploits5References1
Zero Day Initiative
Zero Day Initiativeadded 2016/01/25 12:0 a.m.31 views

Oracle Application Testing Suite DownloadServlet scheduleReportName Parameter Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to exfiltrate arbitrary files on vulnerable installations of Oracle Application Testing Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DownloadServlet servlet. By providing a scheduleReportName...

7.8CVSS7.3AI score0.02378EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiativeadded 2016/01/25 12:0 a.m.30 views

Oracle Application Testing Suite DownloadServlet Multiple Parameter Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to exfiltrate arbitrary files on vulnerable installations of Oracle Application Testing Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DownloadServlet. By providing repository, workspace, or...

7.8CVSS7.3AI score0.02771EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiativeadded 2016/01/25 12:0 a.m.33 views

Oracle Application Testing Suite ReportImage tempfilename Parameter Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Application Testing Suite. Authentication is required but can be bypassed. The specific vulnerability is exposed by the ActionServlet servlet. In the ReportImage action, the tempfilename...

9CVSS7.8AI score0.17703EPSS
Exploits0References1
CNVD
CNVDadded 2016/01/23 12:0 a.m.3 views

Unspecified Vulnerability in Oracle Enterprise Manager Grid Control Oracle Application Testing Suite Test Manager for Web Apps Component (CNVD-2016-00704)

Oracle Enterprise Manager is an enhanced management suite for ORACLE Fusion endpoint software. An unspecified vulnerability in the Oracle Application Testing Suite Test Manager for Web Apps component of Oracle Enterprise Manager Grid Control allows remote attackers to exploit the vulnerability to...

6.4CVSS9.1AI score0.2134EPSS
Exploits4References1
CNVD
CNVDadded 2016/01/23 12:0 a.m.2 views

Unspecified Vulnerability in Oracle Enterprise Manager Grid Control Oracle Application Testing Suite Test Manager for Web Apps Component (CNVD-2016-00669)

Oracle Enterprise Manager is an enhanced management suite for ORACLE Fusion endpoint software. An unspecified security vulnerability in the Oracle Application Testing Suite Test Manager for Web Apps component of Oracle Enterprise Manager Grid Control allows remote attackers to exploit the...

6.4CVSS6.8AI score0.91458EPSS
Exploits5References1
CNVD
CNVDadded 2016/01/23 12:0 a.m.2 views

Unspecified Vulnerability in Oracle Enterprise Manager Grid Control Oracle Application Testing Suite Load Testing for Web Apps Component (CNVD-2016-00693)

Oracle Enterprise Manager is an enhanced management suite for ORACLE Fusion endpoint software. An unspecified vulnerability in the Oracle Application Testing Suite Load Testing for Web Apps component of Oracle Enterprise Manager Grid Control allows remote attackers to exploit the vulnerability to...

5CVSS6.8AI score0.18296EPSS
Exploits0References1
CNVD
CNVDadded 2016/01/23 12:0 a.m.1 views

Unspecified Vulnerability in Oracle Enterprise Manager Grid Control Oracle Application Testing Suite Load Testing for Web Apps Component (CNVD-2016-00672)

Oracle Enterprise Manager is an enhanced management suite for ORACLE Fusion endpoint software. An unspecified security vulnerability in the Oracle Application Testing Suite Load Testing for Web Apps component of Oracle Enterprise Manager Grid Control allows remote attackers to exploit the...

5CVSS6.8AI score0.02378EPSS
Exploits0References1
CNVD
CNVDadded 2016/01/23 12:0 a.m.1 views

Unspecified Vulnerability in Oracle Enterprise Manager Grid Control Oracle Application Testing Suite Load Testing for Web Apps Component (CNVD-2016-00673)

Oracle Enterprise Manager is an enhanced management suite for ORACLE Fusion endpoint software. An unspecified security vulnerability in the Oracle Application Testing Suite Load Testing for Web Apps component of Oracle Enterprise Manager Grid Control allows remote attackers to exploit the...

5CVSS6.8AI score0.02378EPSS
Exploits0References1
NVD
NVDadded 2016/01/21 3:0 a.m.24 views

CVE-2016-0492

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Load Testing for Web Apps, a different vulnerability than...

6.4CVSS5.8AI score0.91458EPSS
Exploits5References8
Rows per page
Query Builder