Directory traversal

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps. NOTE: the previous information is from the Januar...

Directory traversal

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0480,...

Directory traversal

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Test Manager for Web Apps. NOTE: the...

Design/Logic Flaw

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect integrity and availability via unknown vectors related to Load Testing for Web Apps. NOTE: the previous information is from...

CVE-2016-0476

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0477 and...

CVE-2016-0478

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0476 and...

CVE-2016-0484

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps. NOTE: the previous information is from the Januar...

CVE-2016-0486

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0480,...

CVE-2016-0487

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Test Manager for Web Apps, a different vulnerability than...

CVE-2016-0489

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Test Manager for Web Apps. NOTE: the...

CVE-2016-0488

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Load Testing for Web Apps, a different vulnerability than...

CVE-2016-0477

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0476 and...

CVE-2016-0486

CVE-2016-0486 affects Oracle Application Testing Suite (ATS) on Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2. The vulnerability is a directory traversal in the DownloadServlet, exploited via the exportFileName parameter, allowing a remote unauthenticated attacker to read arbitrary...

CVE-2016-0485

The CVE-2016-0485 issue affects Oracle Application Testing Suite (ATS) in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2. It is described as a directory traversal vulnerability in the DownloadServlet that can be triggered via the /otm/download endpoint using the reportName parameter...

CVE-2016-0481

CVE-2016-0481 is a directory traversal vulnerability in Oracle’s Application Testing Suite (ATS) DownloadServlet affecting the /otm/download endpoint via the scheduleReportName parameter. The connected advisories (CPAI-2016-0306) describe the flaw as due to insufficient input validation, enabling...

CVE-2016-0478

CVE-2016-0478 corresponds to a directory traversal vulnerability in Oracle Application Testing Suite’s DownloadServlet. Affected products/versions cited: Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2, involving the DownloadServlet scriptName parameter; exploitation could allow read...

CVE-2016-0491

CVE-2016-0491 affects Oracle Application Testing Suite (ATS) within Oracle Enterprise Manager Grid Control, specifically ATS versions 12.4.0.2 and 12.5.0.2. Multiple sources document a vulnerability in the UploadFileUpload.do path that enables file upload and, via directory traversal or crafted i...

CVE-2016-0489

Summary: CVE-2016-0489 affects Oracle Application Testing Suite (Test Manager for Web Apps) in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2. The connected sources describe a directory traversal vulnerability in the ReportImage action via the tempfilename parameter in ActionServlet...

CVE-2016-0487

CVE-2016-0487 affects Oracle Application Testing Suite within Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2. The issue is an authentication bypass in the ActionServlet component (via directory traversal sequences following an unspecified URI), potentially allowing remote attackers ...

CVE-2016-0482

CVE-2016-0482 is a directory traversal vulnerability in Oracle Application Testing Suite (ATS) DownloadServlet. Exploitation involves sending a crafted HTTP request to /otm/download using the file parameter to read arbitrary server files. This has been described in multiple advisories (e.g., CPAI...