23 matches found
EUVD-2002-0936
Malware in sbrugna...
Oracle Reports Server 6.0.8/9.0.2 Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5262/info A problem with Reports Server could make it possible to gain sensitive information from the server. Under some circumstances, Reports Server may yield sensitive information to unauthenticated remote users. This...
Oracle Reports Server 10g 9.0.2 - Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/14313/info Multiple remote cross-site scripting vulnerabilities affect Oracle Reports Server. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user. This may...
Oracle Reports Server 6.0.8/9.0.x - XML File Disclosure
source: https://www.securityfocus.com/bid/14311/info Oracle Reports Server may allow remote attackers to disclose parts of arbitrary XML files. Reportedly, the server fails to restrict users from accessing parts of arbitrary XML files when handling specially crafted HTTP GET requests. All version...
Oracle Reports Server 6.0.8/9.0.x - Unauthorized Report Execution
source: https://www.securityfocus.com/bid/14316/info Oracle Reports Server is susceptible to an unauthorized report execution vulnerability. By placing a report file in a globally accessible location, users can trigger the execution of the report by issuing an HTTP GET request to the affected...
Oracle Reports Server 6.0.8/9.0.x - Arbitrary File Disclosure
Oracle Reports Server 6.0.8/9.0.x - Arbitrary File Disclosure source: https://www.securityfocus.com/bid/14312/info Oracle Reports Server may allow remote attackers to disclose parts of arbitrary files. Reportedly, the server fails to restrict users from accessing parts of arbitrary files when...
CVE-2005-0873
CVE-2005-0873 covers multiple XSS vulnerabilities in Oracle Reports Server 10g (9.0.4.3.3), specifically in test.jsp via the desname and repprod parameters. The NVD entry confirms remote, non-authenticated XSS with arbitrary script/HTML injection. Nessus plugin notes a remediation: disable access...
oracleXSS10g.txt
Oracle Reports Server 10g 9.0.4.3.3 Vulnerable to Cross Site Scripting http://paolo/reports/examples/Tools/test.jsp?repprod&desname='alertdocument.cookie; http://paolo/reports/examples/Tools/test.jsp?repprod"alertdocument.cookie; Paolo sends GREETS to Oracle secalert Paolo...
Oracle Reports Server test.jsp Multiple Parameter XSS
The remote host is running Oracle Report Server, a reporting application. The remote version of this software contains a cross-site scripting vulnerability that may allow an attacker to use the remote host to perform a cross-site scripting attack. (C) Tenable Network Security...
Oracle Reports Server 10g - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/12892/info Multiple remote cross-site scripting vulnerabilities affect Oracle Reports Server. These issues are due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content. An...
Oracle Reports Server 10g Vulnerable to XSS
Oracle Reports Server 10g 9.0.4.3.3 Vulnerable to Cross Site Scripting http://paolo/reports/examples/Tools/test.jsp?repprod&desname='scriptalertdocument.cookie;/script http://paolo/reports/examples/Tools/test.jsp?repprod"scriptalertdocument.cookie;/script Paolo sends GREETS to Oracle secalert Pao...
CVE-2002-0947
CVE-2002-0947 describes a buffer overflow in the rwcgi60 CGI program used by Oracle Reports Server 6.0.8.18.0 and earlier (Oracle9iAS and other products). The vulnerability allows a remote attacker to execute arbitrary code via a long database name parameter. The Oracle RWCGI60 component handles ...
CVE-2002-0947
Buffer overflow in rwcgi60 CGI program for Oracle Reports Server 6.0.8.18.0 and earlier, as used in Oracle9iAS and other products, allows remote attackers to execute arbitrary code via a long database name parameter...
CVE-2002-1089
rwcgi60 CGI program in Oracle Reports Server, by design, provides sensitive information such as the full pathname, which could enable remote attackers to use the information in additional attacks...
CVE-2002-1089
CVE-2002-1089 affects rwcgi60, the CGI used with Oracle Reports Server. The flaw is an information disclosure: the program can reveal sensitive data (the full pathname), which an attacker could leverage for further attacks. Connected documents (Nessus plugin) confirm rwcgi60 exposure as part of O...
Information leak in Oracle Reports Server
It's possible to obtain system data...
[AP] Oracle Reports Server Information Disclosure Vulnerability
AngryPacket Security Advisory. Advisory information: author: skp [email protected]; release date: 07/17/2002; homepage: http://sec.angrypacket.com; advisory id: 0x0004...
Oracle Reports Server 6.0.8/9.0.2 - Information Disclosure
Oracle Reports Server 6.0.8/9.0.2 - Information Disclosure source: https://www.securityfocus.com/bid/5262/info A problem with Reports Server could make it possible to gain sensitive information from the server. Under some circumstances, Reports Server may yield sensitive information to...