9852 matches found
CVE-2008-2583
Unspecified vulnerability in the sample Discussion Forum Portlet for the Oracle Portal component in Oracle Application Server, as available from OTN before 20080715, has unknown impact and remote attack vectors...
CVE-2008-2589
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3, 10.1.2.2, and 10.1.4.1 has unknown impact and remote attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims tha...
CVE-2008-2593
CVE-2008-2593 and CVE-2008-2594 refer to distinct vulnerabilities in the Oracle Portal component of Oracle Application Server 10g (versions 10.1.2.3 and 10.1.4.2). The initial description indicates these are unspecified vulnerabilities with unknown impact and remote vectors. Connected documentati...
CVE-2008-2594
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-2593...
CVE-2008-2595
Unspecified vulnerability in the Oracle Internet Directory component in Oracle Application Server 9.0.4.3, 10.1.2.3, and 10.1.4.2 has unknown impact and remote attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researche...
CVE-2008-2614
CVE-2008-2614 affects the Oracle HTTP Server component bundled with Oracle Application Server 9.0.4.3, 10.1.2.3, and 10.1.3.3. The CVE entry itself is generic (unknown impact and remote vectors). Oracle’s July 2008 Critical Patch Update lists CVE-2008-2614 in the Oracle Application Server risk ma...
CVE-2008-2583
CVE-2008-2583 affects Oracle Portal’s sample Discussion Forum Portlet (Oracle Application Server 10g). The vulnerability resides in the Discussion Forum Portlet distributed via OTN prior to 20080715, enabling remote exploitation over a network with unknown impact per the initial description, but ...
CVE-2008-2596
CVE-2008-2596 affects Oracle E-Business Suite 12.0.3, Mobile Application Server. Oracle’s E-Business Suite risk matrix lists the vulnerability as exploitable with a valid session over HTTP, with CVSS v2 base score 5.5 (Network, Low access complexity, Single authentication, Confidentiality/Integri...
CVE-2008-2596
Unspecified vulnerability in the Mobile Application Server component in Oracle E-Business Suite 12.0.3 has unknown impact and remote authenticated attack vectors...
CVE-2008-2595
CVE-2008-2595: A pre-authentication denial-of-service vulnerability exists in Oracle Internet Directory (LDAP) within Oracle Application Server 9.0.4.3, 10.1.2.3, and 10.1.4.2. The issue is caused by a NULL pointer dereference when processing malformed LDAP requests, leading to a crash of the vu...
CVE-2008-2612
Unspecified vulnerability in the Hyperion BI Plus component in Oracle Application Server 8.3.2.4, 8.5.0.3, 9.2.0.3, 9.2.1.0, and 9.3.1.0 has unknown impact and remote attack vectors...
CVE-2008-2609
CVE-2008-2609 affects Oracle Portal in Oracle Application Server (9.0.4.3, 10.1.2.3, 10.1.4.2). The CPU July 2008 advisory indicates this vulnerability is exploitable remotely over HTTP without authentication, with a CVSS v2 base score of 6.4 (Network, Low complexity, No authentication; Confident...
CVE-2008-2589
CVE-2008-2589 concerns an SQL injection in Oracle Application Server’s WWV_RENDER_REPORT package used by the Oracle Portal component. It affects Oracle Portal integrated in Oracle Application Server 9.0.4.3, 10.1.2.2, and 10.1.4.1. The vulnerability arises from how the second argument to SHOW execut...
Multiple Vendor DNS Protocol Insufficient Transaction ID Randomization DNS Spoofing Vulnerability
Description: Multiple vendors' implementations of the DNS protocol are prone to a DNS-spoofing vulnerability because the software fails to securely implement random values when performing DNS queries. Successfully exploiting this issue allows remote attackers to spoof DNS replies, allowing them to...
Microsoft Windows Explorer saved-search File Remote Code Execution Vulnerability
Description: Microsoft Windows Explorer is prone to a remote code-execution vulnerability. Successfully exploiting this issue will allow attackers to execute arbitrary code with the privileges of the user running the affected application. Technologies Affected: Avaya Messaging Application Server...
Microsoft Outlook Web Access for Exchange Server Email Field Cross-Site Scripting Vulnerability
Description: Microsoft Outlook Web Access (OWA) for Exchange Server is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in...
Caucho Resin vulnerable to XSS via "file" parameter to "viewfile"
Overview: The "viewfile" command provided by Caucho Resin contains a cross-site scripting (XSS) vulnerability in the "file" parameter. Description: Caucho Resin is a Java-based application server. The "viewfile" command that is provided with the Resin documentation is vulnerable to XSS via the "file"...
CVE-2008-2751
Multiple cross-site scripting (XSS) vulnerabilities in the Glassfish webadmin interface in Sun Java System Application Server 9.101 allow remote attackers to inject arbitrary web script or HTML via the (1) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, (2)...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the Glassfish webadmin interface in Sun Java System Application Server 9.101 allow remote attackers to inject arbitrary web script or HTML via the (1) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, (2)...