CVE-2002-2153
Format string vulnerability in the administrative pages of the PL/SQL module for Oracle Application Server 4.0.8 and 4.0.8 2 allows remote attackers to execute arbitrary code...
CVE-2002-2153
The vulnerability CVE-2002-2153 is a format string flaw in the PL/SQL module’s administrative pages of Oracle Application Server 4.0.8 (and 4.0.8 2). The underlying issue is a format string vulnerability that allows remote attackers to execute arbitrary code. The affected component is the PL/SQL ...
CVE-2005-3634
SAP Web Application Server (WAS) 6.10–7.00 is affected by an open redirect in frameset.htm of the BSP runtime. A remote attacker can cause users to log out and be redirected to arbitrary sites by manipulating sap-sessioncmd (close) and sap-exiturl parameters. The vulnerability is tied to the BSP ...
[Full-disclosure] CYBSEC - Security Advisory: Multiple XSS in SAP WAS
The following advisory is also available in PDF format for download at: http://www.cybsec.com/vuln/CYBSECSecurityAdvisoryMultipleXSSinSAPWAS.pdf CYBSEC S.A. www.cybsec.com Advisory Name: Multiple XSS in SAP WAS Web Application Server Vulnerability Class: Cross-Site Scripting Release Date:...
SAP Web Application Server 6.x/7.0 - Input Validation
SAP Web Application Server 6.x/7.0 - Input Validation source: https://www.securityfocus.com/bid/18006/info SAP Web Application Server is prone to an input-validation vulnerability that results in HTTP response-splitting attacks. This issue is due to a failure in the application to properly sanitiz...
SAP Web Application Server 6.x/7.0 - frameset.htm?sap-syscmd Cross-Site Scripting
SAP Web Application Server 6.x/7.0 - frameset.htm?sap-syscmd Cross-Site Scripting source: https://www.securityfocus.com/bid/15361/info SAP Web Application Server is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize...
SAP Web Application Server 6.x/7.0 - Error Page Cross-Site Scripting
SAP Web Application Server 6.x/7.0 - Error Page Cross-Site Scripting source: https://www.securityfocus.com/bid/15361/info SAP Web Application Server is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied...
SAP Web Application Server 6.x/7.0 - Open Redirection
SAP Web Application Server 6.x/7.0 - Open Redirection source: https://www.securityfocus.com/bid/15362/info SAP Web Application Server is reported prone to a remote URI redirection vulnerability. It is reported that an attacker can exploit this issue by supplying the URI of a malicious site through...
[Full-disclosure] CYBSEC - Security Advisory: Phishing Vector in SAP WAS
The following advisory is also available in PDF format for download at: http://www.cybsec.com/vuln/CYBSECSecurityAdvisoryPhishingVectorinSAPWAS.pdf CYBSEC S.A. www.cybsec.com Advisory Name: Phishing Vector in SAP WAS Web Application Server Vulnerability Class: Phishing Vector / Improper Input...
Multiple SAP Web Application Server vulnerabilities
Cross-site scripting, request redirection, HTTP response splitting...
SAP Web Application Server 6.x/7.0 - Input Validation
source: https://www.securityfocus.com/bid/18006/info SAP Web Application Server is prone to an input-validation vulnerability that results in HTTP response-splitting attacks. This issue is due to a failure in the application to properly sanitize user-supplied input. A remote attacker may exploit...
SAP Web Application Server 6.x/7.0 - Error Page Cross-Site Scripting
source: https://www.securityfocus.com/bid/15361/info SAP Web Application Server is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script...
SAP Web Application Server 6.x/7.0 - Open Redirection
source: https://www.securityfocus.com/bid/15362/info SAP Web Application Server is reported prone to a remote URI redirection vulnerability. It is reported that an attacker can exploit this issue by supplying the URI of a malicious site through the 'sap-exiturl' parameter. A successful attack may...
CVE-2005-3498
IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before 5.1.1.8, and 6.x before fixpack V6.0.2.5, when session trace is enabled, records a full URL including the queryString in the trace logs when an application encodes a URL, which could allow attackers to obtain sensitive informatio...
CVE-2005-3498
CVE-2005-3498 affects IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before 5.1.1.8, and 6.x before fixpack V6.0.2.5. When session trace is enabled, the server logs may record the full URL including the queryString during URL encoding, potentially exposing sensitive information via ...
Oracle 9iAS OWA UTIL access
Oracle 9iAS can provide access to the PL/SQL application OWAUTIL that provides web access to some stored procedures. These procedures, without authentication, can allow users to access sensitive information such as source code of applications, user credentials to other database servers and run...
Oracle 9iAS access to SOAP documentation
In a default installation of Oracle 9iAS, it is possible to access SOAP documentation. These files might be useful for an attacker to determine what application server is being used. OpenVAS Vulnerability Test $Id: oracle9isoapdocs.nasl 8023 2017-12-07 08:36:26Z teissa $ Description: Oracle 9iAS...
Zope ZClass Permission Mapping Bug
The remote web server contains an application server that is prone to a privilege escalation flaw. Description: The remote web server uses a version of Zope which is older than version 2.3.3. In such versions, any user can visit a ZClass declaration and change the ZClass permission mappings for...
FastCGI samples Cross Site Scripting
Two sample CGIs supplied with FastCGI are vulnerable to cross-site scripting attacks. FastCGI is an 'open extension to CGI that provides high performance without the limitations of server specific APIs', and is included in the default installation of the 'Unbreakable' Oracle9i Application Server...
Non-Existent Page Physical Path Disclosure Vulnerability (HTTP)
The remote web server is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2003 Michel Arboi SPDX-FileCopyrightText: Improved / extended code / detection routine since 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright ...