9842 matches found
CVE-2005-4550
The PORTAL schema in Oracle Application Server (OracleAS) Discussion Forum Portlet allows remote attackers to obtain the source code for arbitrary JSP and other files via a dfnextpage parameter with a trailing null byte (%00)...
CVE-2005-4549
CVE-2005-4549 describes a cross-site scripting (XSS) vulnerability in the Oracle Application Server (OracleAS) Discussion Forum Portlet. The vulnerability allows remote attackers to inject arbitrary web script or HTML via the RowKeyValue parameter in the PORTAL schema and the title and content fi...
Oracle Application Server Discussion Forum Portlet - Multiple Vulnerabilities
Source: https://www.securityfocus.com/bid/16048/info. Oracle Application Server Discussion Forum Portlet is affected by multiple remote vulnerabilities. The following specific vulnerabilities were identified: The application is prone to a cross-site scripting vulnerability. Discussion Forum Portle...
Macromedia JRun Application Server platform multiple vulnerabilities
Source code leak, Web server DoS...
CVE-2005-4413
CVE-2005-4413 affects IBM WebSphere Application Server 6 sample scripts, enabling multiple cross-site scripting (XSS) vectors via input fields such as PlantsByWebSphere/login.jsp, TechnologySample/BulletinBoard Script, TechnologySamples/Subscription, and TechnologySamples/MovieReview2_1. The vuln...
Lighthouse CMS 1.1 - Search Cross-Site Scripting
Source: https://www.securityfocus.com/bid/15952/info. Lighthouse is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser o...
CVE-2005-4046
Unspecified vulnerability in Reverse SSL Proxy Plug-in for Sun Java System Application Server Standard Edition 7 2004Q2, Application Server Enterprise Edition 8.1 2005Q1, and Sun ONE Application Server 7 Standard Edition, as used in multiple web servers, allows remote attackers to conduct...
Oracle Enterprise Manager Agent buffer overflow
Added: 11/30/2005. CVE: CVE-2005-3460. BID: 15146. OSVDB: 20664. Background: Oracle Application Server 10g includes the emagent.exe program which listens for connections on port 1830/TCP by default. Problem: A buffer overflow vulnerability in emagent.exe could allow a remote attacker to execute arbitra...
[SA17658] IBM WebSphere Application Server for z/OS Double-Free Vulnerability
TITLE: IBM WebSphere Application Server for z/OS Double-Free Vulnerability; SECUNIA ADVISORY ID: SA17658; VERIFY ADVISORY: http://secunia.com/advisories/17658/; CRITICAL: Moderately critical; IMPACT: Unknown; WHERE: From remote; SOFTWARE: IBM WebSphere Application Server 5.x...
CVE-2005-3760
CVE-2005-3760 describes a double free vulnerability in the BBOORB module of IBM WebSphere Application Server for z/OS 5.0, causing denial of service (ABEND). The issue is exploitable over a network with no authentication (per NVD metrics: AV:N/AC:L/Au:N/C:N/I:N/A:C, base score 7.8). References po...
CVE-2005-3633
HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter...
CVE-2005-3635
Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Application Server (WAS) 6.10 through 7.00 allow remote attackers to inject arbitrary web script or HTML via (1) the sap-syscmd in sap-syscmd and (2) the BspApplication field in the SYSTEM PUBLIC test application...
CVE-2005-3636
Cross-site scripting (XSS) vulnerability in SAP Web Application Server (WAS) 6.10 allows remote attackers to inject arbitrary web script or HTML via Error Pages...
CVE-2005-3636
The vulnerability CVE-2005-3636 is an XSS flaw in SAP Web Application Server (WAS) 6.10 that allows remote attackers to inject arbitrary web script or HTML through Error Pages. The NVD entry notes a MEDIUM severity (CVSS2: AV:N/AC:M/Au:N/C:N/I:P/A:N) with a partial integrity impact. No exploit de...
CVE-2005-3633
The CVE-2005-3633 entry describes an HTTP response splitting vulnerability in SAP Web Application Server (WAS) 6.10 through 7.00. The issue affects frameset.htm, allowing remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter. The vulnerability’s root cause is improper ha...
CVE-2005-3635
SAP Web Application Server (WAS) 6.10–7.00 has multiple cross-site scripting (XSS) vulnerabilities. The issues allow remote attackers to inject arbitrary web script or HTML via (1) sap-syscmd in sap-syscmd and (2) the BspApplication field in the SYSTEM PUBLIC test application. The sources confirm...