10 matches found
Design/Logic Flaw
Oracle Application Server OracleAS Portal 10g allows remote attackers to bypass intended access restrictions and read the contents of /davportal/portal/ by sending a request containing a trailing "%0A" encoded line feed, then using the session ID that is generated from that request. NOTE: as of...
CVE-2008-2138
Oracle Application Server Portal 10g is affected by an authentication bypass vulnerability (CVE-2008-2138) where an unauthenticated attacker can read files under /dav_portal/portal by sending a crafted GET request containing a trailing %0A and then reusing the session ID generated from that reque...
Cross site scripting
Cross-site scripting XSS vulnerability in PORTAL.wwvmain.renderwarningscreen in the Oracle Portal 10g allows remote attackers to inject arbitrary web script or HTML via the 1 poldurl and 2 pnewurl parameters...
CVE-2007-1506
Cross-site scripting XSS vulnerability in PORTAL.wwvmain.renderwarningscreen in the Oracle Portal 10g allows remote attackers to inject arbitrary web script or HTML via the 1 poldurl and 2 pnewurl parameters...
CVE-2007-1506
The CVE-2007-1506 entry describes a Cross‑site Scripting (XSS) vulnerability in Oracle Portal 10g, specifically in PORTAL.wwv_main.render_warning_screen, exploitable by supplying crafted values in the p_oldurl and p_newurl parameters. The affected software is Oracle Portal 10g; the underlying iss...
Oracle Portal 10g - P_OldURL Cross-Site Scripting
Oracle Portal 10g - POldURL Cross-Site Scripting source: https://www.securityfocus.com/bid/22999/info Oracle Portal is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...
Oracle Portal 10g - 'P_OldURL' Cross-Site Scripting
source: https://www.securityfocus.com/bid/22999/info Oracle Portal is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user i...
XSS with default page parameter in Oracle Portal 10g
XSS with default page parameter in Oracle Portal 10g Discovered By: Phm c Hi Pham Duc Hai Email: duchaikhtn at gmail dot com YIM : kikicoco1985vn Website: http://blog.ajaxviet.com ------------------------- Description: When programmers code with Oracle Portal, they may use page parameters support...
CVE-2006-6697
CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter...
CVE-2006-6697
CVE-2006-6697 describes a CRLF injection in Oracle Portal 10g and earlier (including 9.0.2) via webapp/jsp/calendar.jsp where an attacker can inject arbitrary HTTP headers and trigger HTTP response splitting by manipulating the enc parameter. Related entries note that CVE-2006-6699’s calendar.jsp...