9828 matches found
CVE-2002-1861
Sybase Enterprise Application Server 4.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.")...
CVE-2002-1632
Oracle 9i Application Server (9iAS) installs multiple sample pages that allow remote attackers to obtain environment variables and other sensitive information via (1) info.jsp, (2) printenv, (3) echo, or (4) echo2...
CVE-2002-1635
The Apache configuration file httpd.conf in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin...
CVE-2002-1630
The sendmail.jsp sample page in Oracle 9i Application Server (9iAS) allows remote attackers to send arbitrary emails...
CVE-2002-1631
SQL injection vulnerability in the query.xsql sample page in Oracle 9i Application Server (9iAS) allows remote attackers to execute arbitrary code via the sql parameter...
CVE-2002-1636
Cross-site scripting (XSS) vulnerability in the htp PL/SQL package for Oracle 9i Application Server (9iAS) allows remote attackers to inject arbitrary web script or HTML via the cbuf parameter to htp.print...
Oracle 9i Application Server 9.0.2 Web Cache Administration Tool - Denial of Service
source: https://www.securityfocus.com/bid/5902/info Oracle 9i Application Server (9iAS) allows remote administration via a web access module. This vulnerability affects Oracle 9iAS running on Microsoft Windows. When a custom request is sent to the Web Administration module, the module may react...
DB4Web 3.43.6 - File Disclosure
source: https://www.securityfocus.com/bid/5723/info DB4Web is an application server that allows read and write access to relational databases and other information sources, via the web. The application is available for Windows, Linux, and various Unix platforms. A...
Oracle Application Server Web Cache HTTP Request Overflow
It may be possible to make the Oracle9i application server crash or execute arbitrary code by sending it an overly long, specially crafted URL. (C) Tenable Network Security, Inc. References: Date: Thu, 18 Oct 2001 16:16:20 +0200 From: "andreas junestam" Affiliation: Defcom To:...
CVE-2002-0563
The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to access sensitive services without authentication, including Dynamic Monitoring Services (1) dms0, (2) dms/DMSDump, (3) servlet/DMSDump, (4) servlet/Spy, (5) soap/servlet/Spy, and (6) dms/AggreSpy; and Oracle Ja...
CVE-2002-0560
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to obtain sensitive information via the OWAUTIL stored procedures (1) OWAUTIL.signature, (2) OWAUTIL.listprint, or (3) OWAUTIL.showquerycolumns...
CVE-2002-0562
The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa...
CVE-2002-0569
Oracle 9i Application Server allows remote attackers to bypass access restrictions for configuration files via a direct request to the XSQL Servlet (XSQLServlet)...
CVE-2002-0568
Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory...
CVE-2002-0566
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to cause a denial of service (crash) via an HTTP Authorization header without an authentication type...
CVE-2001-0962
IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing...
CVE-2001-0962
The CVE-2001-0962 entry concerns IBM WebSphere Application Server versions 3.02 through 3.53, where session IDs used in cookies are predictable. This predictability enables remote attackers to brute-force session IDs and gain privileges of WebSphere users. The documented impact is privilege escal...
CVE-2002-0561
The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and modify DAD settings...