9852 matches found
CVE-2007-3863
Technical details for CVE-2007-3863 are not publicly provided in the supplied documents. No explicit affected versions, root cause, impact, or remediation are described here. Monitor for updates from Oracle advisories and security feeds.
CVE-2007-3862
Technical details about CVE-2007-3862 are not publicly provided in the supplied documents; monitor for updates. Available sources only note an unspecified vulnerability in Oracle Application Server via Oracle Single Sign-On.
CVE-2007-3861
Technical details for CVE-2007-3861 are not publicly available in the provided documents; no specific affected products, root cause, or remediation are given. Monitor for official updates.
CVE-2007-3859
Technical details for CVE-2007-3859 are not publicly available in the provided documents. No specifics on affected product version, root cause, or impact are given here; monitor for updates.
CVE-2007-3863
Unspecified vulnerability in Oracle JDeveloper for Application Server 10.1.2.2 and 10.1.3.1, and Collaboration Suite 10.1.2, allows context-dependent attackers to have an unknown impact via custom applications that use JBO.SERVER, aka JDEV02...
CVE-2007-3859
Unspecified vulnerability in the Oracle Internet Directory component for Oracle Database 9.2.0.8 and 9.2.0.8DV; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; and Collaboration Suite 10.1.2 has unknown impact and remote attack vectors, aka OID01...
CVE-2007-3862
Unspecified vulnerability in Oracle Application Server 9.0.4.3 and 10.1.2.0.2 allows remote attackers to have an unknown impact via Oracle Single Sign On, aka AS01...
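Sun Java System Server XSLT Processing Remote Java Method Execution Vulnerability
BUGTRAQ ID: 24850 CNCAN ID: CNCAN-2007071110 Sun Java System Application Server and Sun Java System Web Server are an application server and a web server. Sun Java System Application Server and Sun Java System Web Server do not properly process XSLT stylesheets contained in XSLT transforms in XML signatures; a remote attacker can exploit this vulnerability to execute arbitrary Java methods. Sun Java System Web Server 7.0 Sun Java System Application...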
CVE-2007-3715
Sun Java System Application Server and Web Server 7.0 through 9.0 before 20070710 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3716...
Microsoft Windows Active Directory LDAP Request Validation Remote Code Execution Vulnerability
Description: Microsoft Windows is prone to a remote code-execution vulnerability because Microsoft Active Directory fails to handle specially crafted user-supplied Lightweight Directory Access Protocol (LDAP) requests. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level...
Microsoft .NET Framework JIT Compiler Remote Buffer Overflow Vulnerability
Description: Microsoft .NET Framework is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code in the context of a user running the application. Successful exploits ca...
Microsoft Windows Active Directory LDAP Request Validation Remote Denial Of Service Vulnerability
Description: Microsoft Windows is prone to a remote denial-of-service vulnerability because Microsoft Active Directory fails to handle specially crafted Lightweight Directory Access Protocol (LDAP) requests. An attacker can exploit this issue to cause the affected application to stop responding,...
Design/Logic Flaw
Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web...
CVE-2007-3615
SAP NetWeaver Application Server’s Internet Communication Manager (ICM/ICMAN.exe) in 6.x–7.x (Windows possibly) is vulnerable to a denial-of-service via a long URI containing sap-isc-key, related to web cache configuration. The connected documents do not provide additional technical details, expl...
CVE-2007-3615
Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Rapid Install Web Server in Oracle Application Server 11i allows remote attackers to inject arbitrary web script or HTML via a URL to the "Secondary Login Page", as demonstrated using (1) pls/ and (2) pls/MSBEP004/. NOTE: the provenance of this information is...
CVE-2007-3553
Cross-site scripting (XSS) vulnerability in Rapid Install Web Server in Oracle Application Server 11i allows remote attackers to inject arbitrary web script or HTML via a URL to the "Secondary Login Page", as demonstrated using (1) pls/ and (2) pls/MSBEP004/. NOTE: the provenance of this information is...
EUVD-2007-3537
Cross-site scripting (XSS) vulnerability in Rapid Install Web Server in Oracle Application Server 11i allows remote attackers to inject arbitrary web script or HTML via a URL to the "Secondary Login Page", as demonstrated using (1) pls/ and (2) pls/MSBEP004/. NOTE: the provenance of this information is...
CVE-2007-3397
The web container in IBM WebSphere Application Server (WAS) before 6.0.2.21, and 6.1.x before 6.1.0.9, sends response data intended for a different request in certain circumstances after a closed connection error, which might allow remote attackers to obtain sensitive information...
Information disclosure
The web container in IBM WebSphere Application Server (WAS) before 6.0.2.21, and 6.1.x before 6.1.0.9, sends response data intended for a different request in certain circumstances after a closed connection error, which might allow remote attackers to obtain sensitive information...