9852 matches found
DSECRG-08-023.txt
Digital Security Research Group DSecRG Advisory DSECRG-08-023 Application: SAP Web Application Server Versions Affected: Version 7.0 Vendor URL: http://SAP.com Bugs: XSS Exploits: YES Reported: 25.01.2008 Vendor response: 25.01.2008 Date of Public Advisory: 21.05.2008 Author: Digital Security...
[DSECRG-08-023] SAP Web Application Server XSS Security Vulnerability
Digital Security Research Group DSecRG Advisory DSECRG-08-023 Application: SAP Web Application Server Versions Affected: Version 7.0 Vendor URL: http://SAP.com Bugs: XSS Exploits: YES Reported: 25.01.2008 Vendor response: 25.01.2008 Date of Public Advisory: 21.05.2008 Author: Digital Security...
SAP Web Application Server cross-site scripting
Cross-site scripting with /sap/bc/gui/sap/its/webgui/...
SAP Web Application Server 7.0 - '/sap/bc/gui/sap/its/webgui/' Cross-Site Scripting
SAP Web Application Server 7.0 - '/sap/bc/gui/sap/its/webgui/' Cross-Site Scripting source: https://www.securityfocus.com/bid/29317/info SAP Web Application Server is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker may...
SAP Web Application Server 7.0 - '/sap/bc/gui/sap/its/webgui/' Cross-Site Scripting
source: https://www.securityfocus.com/bid/29317/info SAP Web Application Server is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
Interstage Application Server cross-site scripting vulnerability
Overview The Servlet Service for Interstage Business Application and the Servlet Service for Interstage Management Console (may be referred to as "Servlet Service for Interstage Operation Management" in certain versions) included in the Interstage product series from Fujitsu contain a cross-site...
Cosminexus Application Server Incorrect Group Permission Handling Vulnerability
Overview When a logical J2EE server or logical user server is started from Cosminexus Manager in Cosminexus Application Server, Cosminexus Manager may assign the wrong user's group permissions to an activated server process. Impact An attacker could exploit the vulnerability to obtain...
Design/Logic Flaw
Unspecified vulnerability in the Java plugin in IBM WebSphere Application Server 5.0.2 allows untrusted applets to gain privileges via unknown attack vectors...
CVE-2008-2221
Unspecified vulnerability in the Java plugin in IBM WebSphere Application Server 5.0.2 allows untrusted applets to gain privileges via unknown attack vectors...
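Oracle Application Server Portal Authentication Bypass Vulnerability
BUGTRAQ ID: 29119 Oracle Application Server Portal (OracleAS Portal) is a Web-based application for building and deploying portals. OracleAS Portal has a vulnerability in how it handles access authentication: if a remote attacker adds a specially crafted cookie value to the headers of a submitted HTTP request, they can bypass the basic authentication protection on the /davportal/portal/ directory and access davportal content. Oracle Application Server Portal 10G Oracle ------...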
Design/Logic Flaw
Oracle Application Server OracleAS Portal 10g allows remote attackers to bypass intended access restrictions and read the contents of /davportal/portal/ by sending a request containing a trailing "%0A" encoded line feed, then using the session ID that is generated from that request. NOTE: as of...
CVE-2008-2138
Oracle Application Server OracleAS Portal 10g allows remote attackers to bypass intended access restrictions and read the contents of /davportal/portal/ by sending a request containing a trailing "%0A" encoded line feed, then using the session ID that is generated from that request. NOTE: as of...
CVE-2008-2138
Oracle Application Server Portal 10g is affected by an authentication bypass vulnerability (CVE-2008-2138) where an unauthenticated attacker can read files under /dav_portal/portal by sending a crafted GET request containing a trailing %0A and then reusing the session ID generated from that reque...
Oracle Application Server unauthorized access
It's possible to bypass authentication...
Oracle Application Server 10G ORA_DAV Basic Authentication Bypass Vulnerability
Affected Software/Device: Oracle Application Server Portal Vulnerability: Authentication Bypass Tested Version: 10G Risk: Medium Description: Oracle Application Server Portal OracleAS Portal is a Web-based application for building and deploying portals. It provides a secure, manageable environmen...
CVE-2008-2120
Unspecified vulnerability in Sun Java System Application Server 7 2004Q2 before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 allows remote attackers to obtain source code of JSP files via unknown vectors...
Code injection
Unspecified vulnerability in Sun Java System Application Server 7 2004Q2 before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 allows remote attackers to obtain source code of JSP files via unknown vectors...
CVE-2008-2120
Unspecified vulnerability in Sun Java System Application Server 7 2004Q2 before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 allows remote attackers to obtain source code of JSP files via unknown vectors...
CVE-2008-2120
CVE-2008-2120 is an information-disclosure vulnerability in Sun Java System Application Server 7 (2004Q2) before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 that allows remote attackers to obtain the source code of JSP files via unknown vectors. Affected components are...
oracleasp-bypass.txt
Affected Software/Device: Oracle Application Server Portal Vulnerability: Authentication Bypass Tested Version: 10G Risk: Medium Description: Oracle Application Server Portal OracleAS Portal is a Web-based application for building and deploying portals. It provides a secure, manageable environmen...