Oracle Application Testing Suite (Jul 2020 CPU)

The versions of Application Testing Suite installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2020 CPU advisory. - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Load Testing for Web Apps Log4j. The...

Oracle Application Testing Suite (Apr 2020 CPU)

The version of Oracle Application Testing Suite installed on the remote host is affected by a Server Side Request Forgery SSRF vulnerability in the Oracle FLEXCUBE Private Banking product of Oracle Financial Services Applications component: Core Apache Axis. The supported versions which are...

Oracle Application Testing Suite Multiple Vulnerabilities (Jan 2020 CPU)

The version of Oracle Application Testing Suite installed on the remote host is affected by multiple vulnerabilities : - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Oracle Flow Builder Jython. Supported versions that are affected are...

CVE-2020-2673

Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Oracle Flow Builder. Supported versions that are affected are 12.5.0.3, 13.1.0.1, 13.2.0.1 and 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via...

Code injection

Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Oracle Flow Builder. Supported versions that are affected are 12.5.0.3, 13.1.0.1, 13.2.0.1 and 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via...

CVE-2020-2673

CVE-2020-2673 affects Oracle Application Testing Suite (Oracle Flow Builder) with affected versions 12.5.0.3, 13.1.0.1, 13.2.0.1 and 13.3.0.1. The vulnerability allows an unauthenticated attacker over HTTP to access critical data or take full control of the Oracle ATS exposed data, per CVSSv3.0 b...

CVE-2020-2673

Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Oracle Flow Builder. Supported versions that are affected are 12.5.0.3, 13.1.0.1, 13.2.0.1 and 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via...

Oracle January 2020 Critical Patch Update Multiple Vulnerabilities

Description Oracle has released advance notification regarding the January 2020 Critical Patch Update CPU to be released on January 14, 2020. The update addresses 333 vulnerabilities affecting the following software: Oracle Database Server, versions 12.2.0.1, 18c, 19c Oracle Communications Design...

Jaeles - The Swiss Army Knife For Automated Web Application Testing

Jaeles is a powerful, flexible and easily extensible framework written in Go for building your own Web Application Scanner. Installation go get -u github.com/jaeles-project/jaeles Please visit the Official Documention for more details. Checkout Signature Repo for base signature. Usage More usage...

CVE-2019-2727

Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite subcomponent: Load Testing for Web Apps. The supported version that is affected is 13.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

CVE-2019-2727

Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite subcomponent: Load Testing for Web Apps. The supported version that is affected is 13.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

Design/Logic Flaw

Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite subcomponent: Load Testing for Web Apps. The supported version that is affected is 13.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

CVE-2019-2727

Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite subcomponent: Load Testing for Web Apps. The supported version that is affected is 13.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

CVE-2019-2727

Oracle Application Testing Suite (subcomponent: Load Testing for Web Apps) in Oracle Enterprise Manager Products Suite, version 13.3, is affected by CVE-2019-2727. The vulnerability allows unauthenticated, network-based access via HTTP to compromise data: unauthorized update/insert/delete and rea...

Oracle Application Testing Suite Multiple Vulnerabilities (Jul 2019 CPU)

The version of Oracle Application Testing Suite installed on the remote host is affected by multiple vulnerabilities: - A deserialization vulnerability exists in Apache Commons FileUpload library. An unauthenticated, remote attacker can exploit this, via customized Java serialised object, to...

Oracle Enterprise Manager Products Suite Application Testing Suite Component Access Control Error Vulnerability

Oracle Enterprise Manager Products Suite is a set of Oracle's on-premise management platform. Application Testing Suite is one of the application testing components. A security vulnerability exists in the Load Testing for Web Apps subcomponent of the Application Testing Suite component of Oracle...

Oracle Application Testing Suite WebLogic Server Administration Console War Deployment Exploit

This Metasploit module abuses a feature in WebLogic Server's Administration Console to install a malicious Java application in order to gain remote code execution. Authentication is required, however by default, Oracle ships with a "oats" account that you could log in with, which grants you...

Oracle Application Testing Suite DownloadServlet Directory Traversal (CVE-2019-2557)

A directory traversal vulnerability exists in Oracle Application Testing Suite. A remote authenticated attacker can exploit this vulnerability by sending a malicious request to the vulnerable server. Successful exploitation results in arbitrary file download from the target server...

Oracle Application Testing Suite WebLogic Server Administration Console War Deployment

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle Application Testing Suite WebLogic Server Administration Console War Deployment', 'Description' = %q This module abuses a feature in...

Oracle Application Testing Suite Post-Auth DownloadServlet Directory Traversal

This module exploits a vulnerability in Oracle Application Testing Suite OATS. In the Load Testing interface, a remote user can abuse the custom report template selector, and cause the DownloadServlet class to read any file on the server as SYSTEM. Since the Oracle application contains multiple...