9842 matches found
CVE-2005-2093
Oracle 9i Application Server (Oracle9iAS) 9.0.2 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Application Server to...
CVE-2002-1858
CVE-2002-1858 affects Oracle9i Application Server (versions 1.0.2.2 and 9.0.2 through 9.0.2.0.1) when running on Windows. It allows remote attackers to disclose contents of the WEB-INF directory (Java class files and config) by requesting the directory with a trailing dot (WEB-INF.). The connecte...
CVE-2002-1856
CVE-2002-1856 affects HP Application Server 8.0 on Windows, where a remote attacker can retrieve files under the WEB-INF directory by requesting WEB-INF. with a trailing dot. The CVSS v2 base score is 5.0 (MEDIUM) with network access and low complexity, no authentication required, partial confide...
CVE-2002-1859
CVE-2002-1859 concerns Orion Application Server 1.5.3 on Windows, where an information disclosure flaw allows remote attackers to retrieve files from the WEB-INF directory by requesting the directory with a trailing dot (WEB-INF.). The vulnerability affects requests to the WEB-INF/ path that expo...
CVE-2002-1861
CVE-2002-1861 concerns Sybase Enterprise Application Server 4.0 running on Windows, where a remote attacker could retrieve files from the WEB-INF directory by requesting the directory with a trailing dot (WEB-INF.). This is an information disclosure vulnerability tied to how the server handles WE...
CVE-2002-1858
Oracle Oracle9i Application Server 1.0.2.2 and 9.0.2 through 9.0.2.0.1, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.")...
CVE-2002-1859
Orion Application Server 1.5.3, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.")...
CVE-2005-1889
Unknown vulnerability in Sun ONE Application Server 6.5 SP1 Maintenance Update 6 and earlier allows attackers to read files...
CVE-2005-1889
Technical details about CVE-2005-1889 are not provided in the supplied documents; no concrete information on affected versions, root cause, or remediation is available here.
IBM WebSphere Application Server administrative console buffer overflow
Buffer overflow during authentication process...
CVE-2005-1872
The CVE-2005-1872 entry covers a buffer overflow in the administrative console of IBM WebSphere Application Server 5.x when global security is enabled. The related advisory materials describe improper validation of user-supplied input in the authentication process, which can allow remote attacker...
Sun One application server directory traversal
No description provided...
[SA15609] Sun ONE Application Server Unspecified File Disclosure
[SA15598] WebSphere Application Server Administrative Console Buffer Overflow
BEA WebLogic application server Server Console cross-site scripting
Cross-site scripting; no session cookie timeout is implemented...
CVE-2003-1193
Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL...
CVE-2004-1816
Sun Java System Application Server 7.0 Update 2 and earlier is affected when a SOAP web service expects an array of objects as an argument, leading to denial of service through memory consumption. The provided sources confirm the vulnerability description but do not supply concrete exploit detail...
CVE-2003-1193
CVE-2003-1193 corresponds to SQL injection vulnerabilities in Oracle9i Application Server Portal DB components (LOVs, Forms, Hierarchy, XML) across versions 9.0.2.00–3.0.9.8.5. The OpenVAS/Nessus evidence references show a related Portal_DEMO.ORG_CHART exposure accessible through mod_plsql, which...
Oracle Application Server < 10.1.0.0.3 Privilege Escalation
Binary data 2881.prm...