9852 matches found
CVE-2005-4834
IBM WebSphere Application Server (WAS) 5.0.2.5 through 5.1.1.3 allows remote attackers to obtain JSP source code and other sensitive information, related to incorrect request processing by the web container...
CVE-2007-1504
Cross-site scripting (XSS) vulnerability in the Servlet Service in Fujitsu Interstage Application Server (IJServer) 8.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving web.xml and HTTP 404 and 500 status codes...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Servlet Service in Fujitsu Interstage Application Server (IJServer) 8.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving web.xml and HTTP 404 and 500 status codes...
CVE-2007-1504
The Interstage Application Server (IJServer) Servlet Service in Fujitsu’s Interstage product line contains a cross-site scripting (XSS) vulnerability in the Interstage Business Application/Management Console Servlet Service (IJServer 8.0.2 and earlier). The root cause is described as an XSS flaw ...
JBoss Application Server may not properly restrict access to the administrative interface
Overview The JBoss Application Server may allow unauthenticated, remote access to the administrative console. Description JBoss is an open source application server implemented in Java. Because it is Java-based, JBoss can be used on any operating system that supports Java. JBoss servers can be...
SAP 'enserver.exe' file downloader
No description provided by source. !/usr/bin/perl -w SAP 'enserver.exe' file downloader Tested on "SAP Web Application Server Java 6.40" eval DVD Found & coded by Nicob The downloaded file is limited to the first 32 kilobytes Usual port : TCP/3200+SYSNR Exemple : ./r3-stealer-1.0.pl 192.168.2.22...
Multiple vulnerabilities in SAP WebAS 6.40 and 7.00 (technical details)
Multiple vulnerabilities in SAP Web Application Server Technical details Application : SAP Web AS 6.40 patch 136 and 7.00 patch 66 Platform : All platforms except the third vulnerability Impacts : Remote file disclosure, remote DoS, local privilege escalation Release Date : 8 February 2007 Author...
SAP Web Application Server multiple security vulnerabilities
Directory traversal, local privilege escalation, DoS...
Sun Network Security Services (NSS) vulnerable to DoS due to an unspecified vulnerability
Overview The NSS libraries used in the Sun One Application Server and the Sun Java System web server contain an unspecified vulnerability that may allow an attacker to create a denial-of-service condition. Description The Sun One Application Server provides a Java 2 Platform for delivering Java...
SAP Web Application Server 6.40 - Arbitrary File Disclosure
SAP Web Application Server 6.40 - Arbitrary File Disclosure !/usr/bin/perl -w SAP 'enserver.exe' file downloader Tested on "SAP Web Application Server Java 6.40" eval DVD Found & coded by Nicob The downloaded file is limited to the first 32 kilobytes Usual port : TCP/3200+SYSNR Exemple :...
SAP Web Application Server 6.40 - Arbitrary File Disclosure
!/usr/bin/perl -w SAP 'enserver.exe' file downloader Tested on "SAP Web Application Server Java 6.40" eval DVD Found & coded by Nicob The downloaded file is limited to the first 32 kilobytes Usual port : TCP/3200+SYSNR Exemple : ./r3-stealer-1.0.pl 192.168.2.22 3201 "c:\boot.ini" From MSDN Win2K...
Multiple Oracle security vulnerabilities.... again...
Released security update fixes 17 security vulnerabilities for Oracle Database, 9 vulnerabilities in Oracle HTTP Server, 12 security vulnerabilities for Oracle Application Server, 7 vulnerabilities for Oracle E-Business Suite, 6 security bugs in Oracle Enterprise Manager, 3 bugs in Oracle...
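Oracle Application Server EmChartBean remote directory traversal vulnerability
Oracle Application Server is a comprehensive solution for developing, integrating, and deploying enterprise applications, portals, and websites. A directory traversal vulnerability exists in EmChartBean, a server-side component of Oracle Application Server; an unauthorized user can send a GET request to remotely access files outside the root directory with the privileges of the Javaw.exe process (LocalSystem by default). EmChartBean exists only at runtime and is extracted from a JAR file after the login page is first invoked, so to exploit this vulnerability an attacker must first be able to submit a request to the login page. Oracle Application Server 10g Release 3 10.1.3.0.0...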
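Oracle Reports Web Cartridge (RWCGI60) cross-site scripting vulnerability
Oracle Application Server is a comprehensive solution for developing, integrating, and deploying enterprise applications, portals, and websites. An input validation vulnerability exists in the Oracle Application Server Reports Web Cartridge when it processes user requests; a remote attacker may exploit it to execute malicious script code in the user's browser. When Oracle Application Server handles web client requests, the Reports Server requires the Reports Web CGI or Web Cartridge. Because the genuser parameter is not properly validated, a remote attacker can inject arbitrary script into the input and have it executed in the client browser. This vulnerability is especially serious in authentication forms, because a malicious user can use this attack to obtain other users' authentication credentials. Oracle Application...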
SAP Internet Graphics Service buffer overflow
Overview SAP Internet Graphics Service contains a buffer overflow. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description According to SAP, The Internet Graphics Service (IGS) constitutes the infrastructure to enable the...
SYMSA-2007-001: Oracle Application Server 10g - Directory Traversal
Symantec Vulnerability Research http://www.symantec.com/research Security Advisory Advisory ID: SYMSA-2007-001 Advisory Title: Oracle Application Server 10g - Directory Traversal Release Date: 16-01-2007 Application: Oracle Application Server 10g...
[ISecAuditors Security Advisories] Oracle Reports Web Cartridge (RWCGI60) vulnerable to XSS
INTERNET SECURITY AUDITORS ALERT 2007-001 - Original release date: January 17, 2007 - Last revised: January 17, 2007 - Discovered by: Vicente Aguilera Diaz - Severity: 3/5 I. VULNERABILITY...
CVE-2007-0283
Unspecified vulnerability in Oracle Application Server 9.0.4.3 and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to Oracle Containers for J2EE, aka OC4J02...
Design/Logic Flaw
Unspecified vulnerability in Oracle Application Server 9.0.4.3 and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to Oracle Containers for J2EE, aka OC4J02...
Design/Logic Flaw
Multiple unspecified vulnerabilities in Oracle Application Server 9.0.4.3 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2, have unknown impact and attack vectors related to Oracle Containers for J2EE, aka (1) OC4J03 and (2) OC4J04...