Cross site scripting

Cross-site scripting XSS vulnerability in servlet/Spy in Dynamic Monitoring Services DMS in Oracle Application Server OAS 10g 10.1.2.0.0 allows remote attackers to inject arbitrary web script or HTML via the table parameter. NOTE: This may be related to CVE-2002-0563...

Oracle 9iAS Dynamic Monitoring Services

In a default installation of Oracle 9iAS, it is possible to access the Dynamic Monitoring Services pages anonymously. Access to these pages should be restricted. OpenVAS Vulnerability Test $Id: oracle9iapachedms.nasl 8023 2017-12-07 08:36:26Z teissa $ Description: Oracle 9iAS Dynamic Monitoring...

CVE-2002-0563

CVE-2002-0563 describes a vulnerability in Oracle 9i Application Server 1.0.2.x where the default configuration allows remote anonymous access to sensitive services without authentication. Affected components include Dynamic Monitoring Services (dms0, dms/DMSDump, servlet/DMSDump, servlet/Spy, so...

CVE-2002-0563

The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to access sensitive services without authentication, including Dynamic Monitoring Services 1 dms0, 2 dms/DMSDump, 3 servlet/DMSDump, 4 servlet/Spy, 5 soap/servlet/Spy, and 6 dms/AggreSpy; and Oracle Ja...

Oracle 9iAS Java Process Manager /oprocmgr-status Anonymous Process Manipulation

The remote host is an Oracle 9iAS server. By default, accessing the location /oprocmgr-status via HTTP lets an attacker obtain the list of processes running on the remote host, and even to to start or stop them. %NASLMINLEVEL 70300 This script was written by Matt Moore Script audit and...