CVE-2002-0387
CVE-2002-0387 refers to a buffer overflow in the gxnsapi6.dll NSAPI plugin of the Sun ONE Application Server’s Connector Module. The overflow occurs when handling a long HTTP request URL, enabling a remote attacker to potentially execute arbitrary code on affected hosts. The issue affects Sun ONE...
CVE-2002-0842
CVE-2002-0842 is a format-string vulnerability in Oracle’s mod_dav extension (used for logging gateway errors) that could enable remote code execution via a crafted destination URI triggering a 502 Bad Gateway. The vulnerability affects Oracle9i Application Server 9.0.2 (and related mod_dav code ...
Oracle Application Server contains several vulnerabilities
Overview: Several vulnerabilities exist in the Portal and iSQLPlus components of the Oracle Application Server. According to the Oracle Security Alert, exploitation of these vulnerabilities would require the attacker to have network access, but not a valid user account on the vulnerable system...
krb5 -- ASN.1 decoder denial-of-service vulnerability
An advisory published by the MIT Kerberos team says: The ASN.1 decoder library in the MIT Kerberos 5 distribution is vulnerable to a denial-of-service attack causing an infinite loop in the decoder. The KDC is vulnerable to this attack. An unauthenticated remote attacker can cause a KDC or...
Sun ONE (iPlanet) Application Server < 6.5 SP1 NSAPI Plugin Overflow
Oracle Application Server Web Cache Multiple Vulnerabilities
Oracle 10g Application Server SQL Injection
IBM WebSphere Application Server < 6.1.0.17 Unspecified Vulnerability
SUN Java System Application Server Version Detection
IBM WebSphere Application Server < 6.0.2.35 Multiple Vulnerabilities
CVE-2004-1362
The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform character conversions properly, which allows remote attackers to bypass access restrictions for certain procedures via an encoded URL with "%FF" encoded...
CVE-2004-0385
Heap-based buffer overflow in Oracle 9i Application Server Web Cache 9.0.4.0.0, 9.0.3.1.0, 9.0.2.3.0, and 9.0.0.4.0 allows remote attackers to execute arbitrary code via a long HTTP request method header to the Web Cache listener. NOTE: due to the vagueness of the Oracle advisory, it is not clear...
Oracle Application Server Web Cache <= 9.0.4.0 Multiple Vulnerabilities
The remote host is running a version of Oracle Application Server Web Cache version 9.0.4.0 or older. The installed version is affected by a heap overflow vulnerability. Provided Web Cache is running and configured to listen on Oracle Application Server Web Cache listener port and accept requests...
CVE-2004-1877
The psubmiturl value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2 (9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and password...
Oracle Application Server Web Cache contains heap overflow vulnerability
Overview: Oracle Application Server Web Cache contains a heap overflow vulnerability in the handling of client requests that could result in arbitrary code execution. Description: The Oracle Web Cache acts as a reverse proxy, caching static and dynamic content generated from Oracle Application web...
Multiple Vendor SOAP server array DoS
Security Advisory: Multiple Vendor...
CVE-2004-1816
Unknown vulnerability in Sun Java System Application Server 7.0 Update 2 and earlier, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption)...
CVE-2003-1529
Directory traversal vulnerability in Seagull Software Systems J Walk application server 3.2C9, and other versions before 3.3c4, allows remote attackers to read arbitrary files via a ".%252e" encoded dot dot in the URL...
Multiple SQL Injection Vulnerabilities in Oracle Application Server 9i and RDBMS (#NISR05112003)
NGSSoftware Insight Security Research Advisory Name : Multiple Oracle Application Server SQL Injection Vulnerabilities Systems Affected: All OS platforms; Oracle9i Application Server Release 1 and 2 and RDBMS Severity : High Risk Vendor URL : http://www.oracle.com/ Author : David Litchfield...