
9823 matches found

CERT
added 2001/07/27 12:0 a.m. | 20 views

Allaire JRun Java Application Server vulnerable to Cross-Site Scripting via passing of user input directly to default error page

Overview: Web servers that use the Allaire JRun Java Servlet Container are vulnerable to a cross-site scripting vulnerability. A web site may inadvertently include malicious HTML tags or script (JavaScript, VBScript, Java, etc.) in a dynamically generated page based on unvalidated input from...

6 AI score
Exploits 0 | References 7
NVD
added 2001/07/02 4:0 a.m. | 17 views

CVE-2001-0419

Buffer overflow in shared library ndwfn4.so for iPlanet Web Server (iWS) 4.1, when used as a web listener for Oracle application server 4.0.8.2, allows remote attackers to execute arbitrary commands via a long HTTP request that is passed to the application server, such as /jsp/...

7.5 CVSS | 7.6 AI score | 0.24449 EPSS
Exploits 1 | References 2
Cvelist
added 2001/05/24 4:0 a.m. | 20 views

CVE-2001-0419

Buffer overflow in shared library ndwfn4.so for iPlanet Web Server (iWS) 4.1, when used as a web listener for Oracle application server 4.0.8.2, allows remote attackers to execute arbitrary commands via a long HTTP request that is passed to the application server, such as /jsp/...

9.6 AI score | 0.24449 EPSS
Exploits 1 | References 2
CVE
added 2001/05/24 4:0 a.m. | 54 views

CVE-2001-0419

CVE-2001-0419 describes a buffer overflow in the shared library ndwfn4.so used by iPlanet Web Server 4.1 when acting as a web listener for Oracle Application Server 4.0.8.2. An attacker can trigger the overflow by sending a very long HTTP request (e.g., to /jsp/) to cause remote code execution on...

7.5 CVSS | 9.7 AI score | 0.24449 EPSS
Exploits 1 | References 2 | Affected Software 1
securityvulns
added 2001/05/23 12:0 a.m. | 116 views

Vulnerability in Oracle E-Business Suite Release 11i Applications Desktop Integrator

Post date: 05/22/01. Vulnerability in Oracle E-Business Suite Release 11i Applications Desktop Integrator. Overview: A potential security vulnerability has been discovered in Applications Desktop Integrator (ADI) version 7.X for Oracle E-Business Suite Release 11i. A debug version of the FNDPUB11I.DLL...

0.2 AI score
Exploits 0
CVE
added 2001/05/07 4:0 a.m. | 67 views

CVE-2001-0326

The CVE-2001-0326 entry concerns Oracle Java Virtual Machine (JVM) for Oracle 8.1.7 and Oracle Application Server 9iAS Release 1.0.2.0.1. Description in connected sources indicates an information disclosure vulnerability: remote attackers could read arbitrary files via the .jsp and .sqljsp extens...

7.5 CVSS | 9.2 AI score | 0.05322 EPSS
Exploits 1 | References 3 | Affected Software 2
Tenable Nessus
added 2001/04/16 12:0 a.m. | 53 views

Oracle Application Server ndwfn4.so HTTP Request Remote Overflow

It may be possible to make a web server execute arbitrary code by sending it a too long url starting with /jsp/ For example: GET /jsp/AAAA.....AAAAA (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(10654); script_version("1.27"); script_cvs_date("Date: 2018/07/16 14:09:13");...

7.5 CVSS | 5.9 AI score | 0.24449 EPSS
Exploits 1 | References 1
securityvulns
added 2001/04/11 12:0 a.m. | 56 views

Hole in Oracle Application Server (shared library buffer overflow)

Buffer overflow on a long request...

2.8 AI score
Exploits 0 | References 1 | Affected Software 1
exploitpack
added 2001/04/11 12:0 a.m. | 19 views

Oracle Application Server 4.0.8.2 - ndwfn4.so Buffer Overflow

Oracle Application Server 4.0.8.2 - ndwfn4.so Buffer Overflow source: https://www.securityfocus.com/bid/2569/info The shared library 'ndwfn4.so' that ships with Oracle Application Server is vulnerable to a buffer overflow. The library is used to handle web requests passed to it by the iPlanet web...

0.3 AI score
Exploits 0
securityvulns
added 2001/04/11 12:0 a.m. | 51 views

Oracle Application Server shared library buffer overflow

$Id: safer0016oasadvisory.txt,v 1.3 2001/03/27 10:27:16 vanja Exp $ S.A.F.E.R. Security Bulletin 0016 TITLE : Oracle Application Server shared library buffer overflow DATE : April 10, 2001 NATURE : Remote execution of code, Denial of Service AFFECTED : Oracle application server 4.0.8.2 + iWS...

7.7 AI score
Exploits 0
Exploit DB
added 2001/04/11 12:0 a.m. | 37 views

Oracle Application Server 4.0.8.2 - ndwfn4.so Buffer Overflow

source: https://www.securityfocus.com/bid/2569/info The shared library 'ndwfn4.so' that ships with Oracle Application Server is vulnerable to a buffer overflow. The library is used to handle web requests passed to it by the iPlanet web server. If the library is sent a request longer than...

7.4 AI score
Exploits 0
securityvulns
added 2001/03/29 12:0 a.m. | 39 views

CHINANSL Security Advisory(CSA-200107)

Topic: IBM WCS 4.0.1 + Application Server 3.0.2 for Solaris 2.7 show ".jsp" source Vulnerability. vulnerable: Solaris 2.7 + IBM WCS4.0,Application Server 3.0.2 discussion: follow URL insert "/" will be downloading ".jsp" source. exploits: http://target/index.jsp/ solution: to...

0.2 AI score
Exploits 0
Tenable Nessus
added 2001/01/22 12:0 a.m. | 55 views

Oracle Application Server XSQL Stylesheet Arbitrary Java Code Execution

The Oracle XSQL Servlet allows arbitrary Java code to be executed by an attacker by supplying the URL of a malicious XSLT stylesheet when making a request to an XSQL page. %NASL_MIN_LEVEL 70300. This script was written by Matt Moore. See the Nessus Scripts License for details. Changes by Tenable: -...

7.5 CVSS | 5.7 AI score | 0.0403 EPSS
Exploits 0 | References 1
NVD
added 2000/12/31 5:0 a.m. | 17 views

CVE-2000-1235

The default configurations of (1) the port listener and (2) modplsql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allow remote attackers to view privileged database information via HTTP requests for Database Access Descriptor (DAD) files...

5 CVSS | 6 AI score | 0.04827 EPSS
Exploits 1 | References 6
NVD
added 2000/12/31 5:0 a.m. | 16 views

CVE-2000-1236

SQL injection vulnerability in modsql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the query string of the URL...

7.5 CVSS | 7.9 AI score | 0.01933 EPSS
Exploits 0 | References 6
securityvulns
added 2000/12/21 12:0 a.m. | 35 views

Oracle WebDb engine brain-damagse

Ladies and gentlemen, here's something tasty: // Standard disclaimer applies. This post expresses my personal beliefs // and convictions only. I am speaking as a private person. All the // statements were been provided for informative purposes only, and have // to be verified by the reader. NONE...

6.6 AI score
Exploits 0
securityvulns
added 2000/09/18 12:0 a.m. | 67 views

WebSphere application server plugin issue & vendor fix

I've had the opportunity to work with IBM WebSphere application server for a few months now and, in the course of playing around with some buffer overrun testing, a potential issue came up. WebSphere uses the HTTP Host: header to decide which WAS Virtual Host will service a particular request...

7.4 AI score
Exploits 0
Exploit DB
added 2000/09/15 12:0 a.m. | 24 views

IBM Websphere Application Server 3.0.2 Server Plugin - Denial of Service

source: https://www.securityfocus.com/bid/1691/info Large amounts of data (i.e. 1092+ characters) in the Host: request header may cause the web server process to fault on signal 11 (SIGSEGV) or signal 10 (SIGBUS). GET /servletsnoop HTTP/1.0 Host: xxxxxxxxxxxxxxxxxxxxxxxx1092+ characters resulted in the...

7.4 AI score
Exploits 0
securityvulns
added 2000/06/13 12:0 a.m. | 55 views

IBM WebSphere JSP showcode vulnerability

Foundstone, Inc. http://www.foundstone.com "Securing the Dot Com World" Security Advisory IBM WebSphere Application Server ---------------------------------------------------------------------- FS Advisory ID: FS-061200-3-IBM Release Date: June 12, 2000 Product: WebSphere Application Server Vendo...

6.6 AI score
Exploits 0
securityvulns
added 2000/06/07 12:0 a.m. | 81 views

New Allaire ColdFusion DoS

Foundstone, Inc. http://www.foundstone.com "Securing the Dot Com World" Security Advisory Allaire's ColdFusion ---------------------------------------------------------------------------- --------- FS Advisory ID: FS-060700-1-CFM Release Date: June 7, 2000 Product: ColdFusion Web Application Serv...

0.9 AI score
Exploits 0