226 matches found
CVE-2016-0491
CVE-2016-0491 affects Oracle Application Testing Suite (ATS) within Oracle Enterprise Manager Grid Control, specifically ATS versions 12.4.0.2 and 12.5.0.2. Multiple sources document a vulnerability in the UploadFileUpload.do path that enables file upload and, via directory traversal or crafted i...
CVE-2016-0488
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Load Testing for Web Apps, a different vulnerability than...
CVE-2016-0477
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0476 and...
EUVD-2016-0521
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0480,...
CVE-2016-0489
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Test Manager for Web Apps. NOTE: the...
CVE-2016-0476
CVE-2016-0476 concerns Oracle Application Testing Suite (ATS) DownloadServlet, specifically the reportName parameter in the DownloadServlet path used by the Load Testing component. The vulnerability stems from improper handling of path names, enabling directory traversal to read arbitrary files o...
CVE-2016-0482
CVE-2016-0482 is a directory traversal vulnerability in Oracle Application Testing Suite (ATS) DownloadServlet. Exploitation involves sending a crafted HTTP request to /otm/download using the file parameter to read arbitrary server files. This has been described in multiple advisories (e.g., CPAI...
CVE-2016-0489
Summary: CVE-2016-0489 affects Oracle Application Testing Suite (Test Manager for Web Apps) in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2. The connected sources describe a directory traversal vulnerability in the ReportImage action via the tempfilename parameter in ActionServlet...
CVE-2016-0487
CVE-2016-0487 affects Oracle Application Testing Suite within Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2. The issue is an authentication bypass in the ActionServlet component (via directory traversal sequences following an unspecified URI), potentially allowing remote attackers ...
EUVD-2016-0522
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Test Manager for Web Apps, a different vulnerability than...
EUVD-2016-0525
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Test Manager for Web Apps, a different vulnerability than...
XSS Payload Management Framework: Sleepy Puppy
Sleepy Puppy is a cross-site scripting (XSS) payload management framework which simplifies the ability to capture, manage, and track XSS propagation over long periods of time. Why Should I use Sleepy Puppy? Often when testing for client-side injections (HTML/JS/etc.), security engineers are looking fo...
Web Security Dojo - Training Environment for Web Application Security Penetration Testing
A free open-source self-contained training environment for Web Application Security penetration testing. Tools + Targets = Dojo What? Various web application security testing tools and vulnerable web applications were added to a clean install of Ubuntu v10.04.2, which is patched with the...
IBM Security AppScan Enterprise Cross-Site Scripting Vulnerability
IBM Security AppScan Enterprise is a suite of Web application security testing solutions from IBM (U.S.). Formerly known as IBM Rational AppScan Enterprise, the program supports simultaneous scanning of multiple Web applications, and generates vulnerability reports and intelligent patching. IBM Security...
Google Releases 'nogotofail' Network Traffic Security Testing Tool
Google introduced a new security tool to help developers detect bugs and security glitches in network traffic security that may leave passwords and other sensitive information open to snooping. The open source tool, dubbed Nogotofail, has been launched by the technology giant for the sake of a...
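HP Unified Functional Testing Remote Code Execution Vulnerability
Bugtraq ID: 66197 CVE ID: CVE-2013-6210 HP Unified Functional Testing is an advanced modern application testing solution from HP. HP Unified Functional Testing contains an unspecified security vulnerability that allows remote attackers to execute arbitrary code. HP Unified Functional Testing 12.0 has fixed this vulnerability; users are advised to download the update:...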
Kaseya 6.3 Shell Upload
Kaseya Arbitrary File Upload Vulnerability Affected versions: All versions and hotfixes prior to 6.3.0.2 PDF:...
[ISecAuditors Security Advisories] Reflected XSS in Asteriskguru Queue Statistics
INTERNET SECURITY AUDITORS ALERT 2013-002 - Original release date: January 22nd, 2013 - Last revised: March 10th, 2013 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score I...
TinyWebGallery 1.8.9 Path Disclosure
INTERNET SECURITY AUDITORS ALERT 2013-012 - Original release date: March 19th, 2013 - Last revised: April 6th, 2013 - Discovered by: Manuel Garcia Cardenas - Severity: 5/10 CVSS Base Score - CVE-ID: CVE-2013-2631...
Android Security Evaluation Framework: ASEF
Have you ever looked at your Android applications and wondered if they are watching you as well? Whether it’s a bandwidth-hogging app, aggressive adware or even malware, it would be interesting to know if they are doing more than what they are supposed to and if your personal information is...