226 matches found
CVE-2016-0480
Oracle Application Testing Suite (ATS) versions 12.4.0.2 and 12.5.0.2 expose a directory-traversal vulnerability in the DownloadServlet when processing the TMAPReportImage parameter (CVE-2016-0480). Exploitation allows remote unauthenticated attackers to read arbitrary files from the server. The ...
CVE-2016-0476
CVE-2016-0476 concerns Oracle Application Testing Suite (ATS) DownloadServlet, specifically the reportName parameter in the DownloadServlet path used by the Load Testing component. The vulnerability stems from improper handling of path names, enabling directory traversal to read arbitrary files o...
EUVD-2016-0520
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0480,...
EUVD-2016-0522
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Test Manager for Web Apps, a different vulnerability than...
EUVD-2016-0523
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Load Testing for Web Apps, a different vulnerability than...
EUVD-2016-0525
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Test Manager for Web Apps, a different vulnerability than...
EUVD-2016-0521
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0480,...
CVE-2016-0482
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0480,...
CVE-2016-0492
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Load Testing for Web Apps, a different vulnerability than...
CVE-2016-0490
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Test Manager for Web Apps, a different vulnerability than...
CVE-2016-0491
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect integrity and availability via unknown vectors related to Load Testing for Web Apps. NOTE: the previous information is from...
XSS Payload Management Framework: Sleepy Puppy
Sleepy Puppy is a cross-site scripting XSS payload management framework which simplifies the ability to capture, manage, and track XSS propagation over long periods of time. Why Should I use Sleepy Puppy? Often when testing for client side injections HTML/JS/etc. security engineers are looking fo...
Web Security Dojo - Training Environment for Web Application Security Penetration Testing
A free open-source self-contained training environment for Web Application Security penetration testing. Tools + Targets = Dojo What? Various web application security testing tools and vulnerable web applications were added to a clean install of Ubuntu v10.04.2, which is patched with the...
IBM Security AppScan Enterprise Cross-Site Scripting Vulnerability
IBM Security AppScan Enterprise is a set of U.S. IBM Web application security testing solutions. Formerly known as IBM Rational AppScan Enterprise, the program supports simultaneous scanning of multiple Web applications , generate vulnerability reports and intelligent patching . IBM Security...
Google Releases 'nogotofail' Network Traffic Security Testing Tool
Google introduced a new security tool to help developers detect bugs and security glitches in the network traffic security that may leave passwords and other sensitive information open to snooping. The open source tool, dubbed as Nogotofail, has been launched by the technology giant in sake of a...
HP Unified Functional Testing远程代码执行漏洞
Bugtraq ID:66197 CVE ID:CVE-2013-6210 HP Unified Functional Testing是一款惠普推出高级现代应用测试解决方案。 HP Unified Functional Testing存在一个未明安全漏洞,允许远程攻击者利用漏洞执行任意代码。 0 HP Unified Functional Testing HP Unified Functional Testing 12.0已经修复该漏洞,建议用户下载更新:...
Kaseya 6.3 Shell Upload
, , . .' '. ', . , '. , ., , / / / \ \ ==/ /\ \ / / \ / \ / / | \ \ Y Y \ / /| / \ /||| / / /.-. / /:wq x.0 '=.|w|.=' ='"=. presents.. Kaseya Arbitrary File Upload Vulnerability Affected versions: All versions and hotfixes prior to 6.3.0.2 PDF:...
[ISecAuditors Security Advisories] Reflected XSS in Asteriskguru Queue Statistics
============================================= INTERNET SECURITY AUDITORS ALERT 2013-002 - Original release date: January 22nd, 2013 - Last revised: March 10th, 2013 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score ============================================= I...
TinyWebGallery 1.8.9 Path Disclosure
============================================= INTERNET SECURITY AUDITORS ALERT 2013-012 - Original release date: March 19th, 2013 - Last revised: April 6th, 2013 - Discovered by: Manuel Garcia Cardenas - Severity: 5/10 CVSS Base Score - CVE-ID: CVE-2013-2631...
Android Security Evaluation Framework: ASEF
Have you ever looked at your Android applications and wondered if they are watching you as well? Whether it’s a bandwidth-hogging app, aggressive adware or even malware, it would be interesting to know if they are doing more than what they are supposed to and if your personal information is...