9842 matches found
CVE-2006-1039
SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a ";%20" followed by encoded HTTP headers...
CVE-2006-1039
CVE-2006-1039 affects the SAP Web Application Server (WebAS) Kernel prior to 7.0. The vulnerability allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information (and potentially other impacts) by exploiting a ";%20" sequence followed by ...
mod_pubcookie -- cross site scripting vulnerability
Nathan Dors of the Pubcookie Project reports: Non-persistent XSS vulnerabilities were found in the Pubcookie Apache module (mod_pubcookie) and ISAPI filter. These components mishandle untrusted data when printing responses to the browser. This makes them vulnerable to carefully crafted requests...
SAP Web Application Server cross-site scripting
No description provided...
CVE-2006-0435
Unspecified vulnerability in Oracle PL/SQL (PLSQL), as used in Database Server (DS) 9.2.0.7 and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, E-Business Suite and Applications 11.5.10, and Collaboration Suite 10.1.1, 10.1.2.0, 10.1.2.1, and 9.0.4.2, allows...
CVE-2006-0435
The CVE-2006-0435 entry concerns Oracle PL/SQL Gateway/PLSQLExclusion bypass vulnerability (PLSQL01). Public sources (CERT VU and NVD) describe that the Oracle PL/SQL Gateway fails to validate HTTP requests, potentially allowing a remote attacker to bypass access controls and execute SQL commands...
Oracle Reports arbitrary file reading vulnerability
Overview: Oracle Reports fails to validate URI parameters, possibly allowing a remote attacker to read arbitrary files on the Reports Server. Description: Oracle Reports is an enterprise reporting tool that extracts data from multiple sources and inserts it into a formatted report. It is a componen...
Directory traversal
Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9.0.4.2 has unspecified impact and attack vectors, as identified by Oracle Vuln REP04. NOTE: Oracle has not disputed reliable researcher claims that this issue is related to directory traversal that...
Design/Logic Flaw
Multiple unspecified vulnerabilities in Oracle Application Server 9.0.4.2 and 10.1.2.0.2, and E-Business Suite and Applications 11.5.10, have unspecified impact and attack vectors, as identified by Oracle Vuln (1) FORM01 and (2) FORM02 in the Oracle Forms component...
Design/Logic Flaw
Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9.0.4.2 and 10.1.2.0.2 has unspecified impact and attack vectors, as identified by Oracle Vuln REP03...
Directory traversal
Multiple unspecified vulnerabilities in Oracle Application Server 6.0.8.26PS17 and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln (1) REP05 and (2) REP06 in the Oracle Reports Developer component. NOTE: Oracle has not disputed reliab...
Design/Logic Flaw
Unspecified vulnerability in the Java Net component of Oracle Database Server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, and 10.1.0.4, and Application Server 1.0.2.2, 9.0.4.2, and 10.1.2.0.2, has unspecified impact and attack vectors, as identified by Oracle Vuln JN01...
Design/Logic Flaw
Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, and 10.1.2.0.2, and Collaboration Suite Release 2, version 9.0.4.2 Oracle9i has unspecified impact and attack vectors, as identified by Oracle Vuln DBC01...
Design/Logic Flaw
Unspecified vulnerability in Oracle Database Server 10.1.0.4.2, Application Server 10.1.2.0.2, and Collaboration Suite Release 2, version 9.0.4.2 Oracle9i has unspecified impact and attack vectors, as identified by Oracle Vuln DBC02 in the Reorganize Objects & Convert Tablespace component...
Design/Logic Flaw
Multiple unspecified vulnerabilities in the Oracle Reports Developer component of Oracle Application Server 9.0.4.1 and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln (1) REP01 and (2) REP02...
Buffer overflow
Unspecified vulnerability in the Oracle HTTP Server component of Oracle Database Server 10.1.0.5 and Application Server 10.1.2.0.2 has unspecified impact and attack vectors, as identified by Oracle Vuln OHS02...
Buffer overflow
Unspecified vulnerability in the Oracle HTTP Server component of Oracle Database Server 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, and 10.1.0.5, and Application Server 1.0.2.2, 9.0.4.2, and 10.1.2.0.2, has unspecified impact and attack vectors, as identified by Oracle Vuln OHS01...
Design/Logic Flaw
Multiple unspecified vulnerabilities in Oracle Database Server 10.2.0.1, Application Server 9.0.4.2 and 10.1.2.1, Collaboration Suite Release 2, version 9.0.4.2 Oracle9i, and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln (1) WF02...
Code injection
Unspecified vulnerability in the Portal component of Oracle Application Server 9.0.4.2 and 10.1.2.0 has unspecified impact and attack vectors, as identified by Oracle Vuln AS01...