Design/Logic Flaw
Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 10.1.2.3 and 10.1.3.4 allows remote attackers to affect confidentiality via unknown vectors...
CVE-2010-0067
Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 10.1.2.3 and 10.1.3.4 allows remote attackers to affect confidentiality via unknown vectors...
CVE-2010-0070
CVE-2010-0070 is an Oracle App Server issue affecting Oracle Containers for J2EE in Oracle Application Server 10.1.2.3 and 10.1.3.4. It allows remote integrity impact via unknown vectors; exploitation details are not specified in the documents. The CVE is addressed in Oracle’s January 2010 Critic...
CVE-2010-0066
CVE-2010-0066 affects Oracle Application Server’s Access Manager Identity Server. The vulnerability permits remote attackers to affect integrity via HTTP without authentication and has a CVSS v2 base score of 5.0 (medium). Affected releases are Oracle Application Server 7.0.4.3 and 10.1.4.2. The ...
CVE-2010-0070
Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 10.1.2.3 and 10.1.3.4 allows remote attackers to affect integrity via unknown vectors...
CVE-2009-3412
CVE-2009-3412 affects Oracle Database components (Unzip) in 9.2.0.8, 9.2.0.8DV and 10.1.0.5, and Oracle Application Server 10.1.2.3. Root cause: Unzip component vulnerability enabling local logon and partial confidentiality impact. CVSS in NVD shows Low base score (Local, High auth, Partial confi...
CVE-2009-3412
Unspecified vulnerability in the Unzip component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5; and Oracle Application Server 10.1.2.3; allows local users to affect confidentiality via unknown vectors...
Orion Application Server Terminal Escape Sequence in Logs Command Injection Vulnerability
Orion Application Server is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in logfiles. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective righ...
Orion Application Server Terminal Escape Sequence in Logs Command Injection Vulnerability
Orion Application Server is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in logfiles. Attackers can exploit this issue to execute arbitrary commands in a terminal. Orion Application Server 2.0.7 is vulnerable; other versions may also be...
Design/Logic Flaw
Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, 7.00, 7.01, 7.10, 7.11, and 7.20, as used in SAP NetWeaver 7.x and SAP Web Application Server 6.x and 7.x, allows remote attackers to cause a denial of service (Management Console shutdown) via a crafted request. NOTE: some of the...
CVE-2009-4603
Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, 7.00, 7.01, 7.10, 7.11, and 7.20, as used in SAP NetWeaver 7.x and SAP Web Application Server 6.x and 7.x, allows remote attackers to cause a denial of service (Management Console shutdown) via a crafted request. NOTE: some of the...
Microsoft Windows Embedded OpenType Font Engine LZCOMP Remote Code Execution Vulnerability
Microsoft Windows is prone to a remote code-execution vulnerability that affects the Embedded OpenType font engine. An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Successful exploits may aid in the compromise of affected...
Oracle Releases Critical Patch Update for January 2010
Oracle has released its Critical Patch Update for January 2010 to address 24 vulnerabilities across several products. This update contains the following security fixes: 10 for Oracle Database; 3 for Oracle Application Server; 3 for the Oracle Applications Suite; 1 for PeopleSoft and JD Edwards Suite...
Oracle to Patch 24 Security Flaws
Database server giant Oracle is joining Microsoft and Adobe this Patch Tuesday. As part of its Critical Patch Update schedule, Oracle plans to ship 24 security patches on January 12 to cover a wide range of serious vulnerabilities in its database and application server products. “Due to the threa...
Orion Application Server 2.0.7 - Terminal Escape Sequence in Logs Command Injection
source: https://www.securityfocus.com/bid/37717/info Orion Application Server is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in logfiles. Attackers can...
Orion Application Server 2.0.7 - 'Terminal Escape Sequence in Logs' Command Injection
source: https://www.securityfocus.com/bid/37717/info Orion Application Server is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in logfiles. Attackers can exploit this issue to execute arbitrary commands in a terminal. Orion Application Serv...
xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass
The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0...
WebSphere Application Server 7.0.0.5 for z-OS Insecure File Permissions Information Disclosure Vulnerability
No description provided by source...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the Web Console in the Application Server in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2.0 before 4.2.0.CP08, 4.2.2GA, 4.3 before 4.3.0.CP07, and 5.1.0GA allow remote attackers to inject arbitrary web script or HTML...
jbossas JMX-Console cross-site-scripting in filter parameter
Cross-site scripting (XSS) vulnerability in JMX-Console in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 allows remote attackers to inject arbitrary web script or HTML via the filter parameter, related to the key...