Lucene search
+L

10 matches found

prion
prion
added 2008/05/12 4:20 p.m.22 views

Design/Logic Flaw

Oracle Application Server OracleAS Portal 10g allows remote attackers to bypass intended access restrictions and read the contents of /davportal/portal/ by sending a request containing a trailing "%0A" encoded line feed, then using the session ID that is generated from that request. NOTE: as of...

5CVSS6.9AI score0.15508EPSS
Exploits1References6Affected Software1
cve
cve
added 2008/05/12 4:0 p.m.67 views

CVE-2008-2138

Oracle Application Server Portal 10g is affected by an authentication bypass vulnerability (CVE-2008-2138) where an unauthenticated attacker can read files under /dav_portal/portal by sending a crafted GET request containing a trailing %0A and then reusing the session ID generated from that reque...

5CVSS6.4AI score0.15508EPSS
Exploits1References6Affected Software1
prion
prion
added 2007/03/19 10:19 p.m.17 views

Cross site scripting

Cross-site scripting XSS vulnerability in PORTAL.wwvmain.renderwarningscreen in the Oracle Portal 10g allows remote attackers to inject arbitrary web script or HTML via the 1 poldurl and 2 pnewurl parameters...

4.3CVSS5.9AI score0.0181EPSS
Exploits0References5
cvelist
cvelist
added 2007/03/19 10:0 p.m.19 views

CVE-2007-1506

Cross-site scripting XSS vulnerability in PORTAL.wwvmain.renderwarningscreen in the Oracle Portal 10g allows remote attackers to inject arbitrary web script or HTML via the 1 poldurl and 2 pnewurl parameters...

5.5AI score0.0181EPSS
Exploits0References5
cve
cve
added 2007/03/19 10:0 p.m.58 views

CVE-2007-1506

The CVE-2007-1506 entry describes a Cross‑site Scripting (XSS) vulnerability in Oracle Portal 10g, specifically in PORTAL.wwv_main.render_warning_screen, exploitable by supplying crafted values in the p_oldurl and p_newurl parameters. The affected software is Oracle Portal 10g; the underlying iss...

4.3CVSS5.5AI score0.0181EPSS
Exploits0References5Affected Software1
exploitpack
exploitpack
added 2007/03/16 12:0 a.m.11 views

Oracle Portal 10g - P_OldURL Cross-Site Scripting

Oracle Portal 10g - POldURL Cross-Site Scripting source: https://www.securityfocus.com/bid/22999/info Oracle Portal is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...

6.8AI score
Exploits0
exploitdb
exploitdb
added 2007/03/16 12:0 a.m.26 views

Oracle Portal 10g - 'P_OldURL' Cross-Site Scripting

source: https://www.securityfocus.com/bid/22999/info Oracle Portal is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user i...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2006/12/30 12:0 a.m.46 views

XSS with default page parameter in Oracle Portal 10g

XSS with default page parameter in Oracle Portal 10g Discovered By: Phm c Hi Pham Duc Hai Email: duchaikhtn at gmail dot com YIM : kikicoco1985vn Website: http://blog.ajaxviet.com ------------------------- Description: When programmers code with Oracle Portal, they may use page parameters support...

6AI score
Exploits0
cvelist
cvelist
added 2006/12/22 2:0 a.m.14 views

CVE-2006-6697

CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter...

6.5AI score0.10321EPSS
Exploits0References9
cve
cve
added 2006/12/22 2:0 a.m.54 views

CVE-2006-6697

CVE-2006-6697 describes a CRLF injection in Oracle Portal 10g and earlier (including 9.0.2) via webapp/jsp/calendar.jsp where an attacker can inject arbitrary HTTP headers and trigger HTTP response splitting by manipulating the enc parameter. Related entries note that CVE-2006-6699’s calendar.jsp...

7.5CVSS6.5AI score0.10321EPSS
Exploits0References9Affected Software1
Rows per page
Query Builder