Oracle ATS DownloadServlet exportFileName Directory Traversal (CVE-2016-0486)

A directory traversal vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation while processing HTTP requests to the "/otm/download" URI with parameter exportFileName. A remote unauthenticated attacker can exploit this vulnerability by...

Liferay Portal < 5.2.3 'exportFileName' File Creation Remote Code Execution

Binary data 5859.prm...