65 matches found
Oracle Reports Server 10g Vulnerable to XSS
Oracle Reports Server 10g 9.0.4.3.3 Vulnerable to Cross Site Scripting http://paolo/reports/examples/Tools/test.jsp?repprod&desname='scriptalertdocument.cookie;/script http://paolo/reports/examples/Tools/test.jsp?repprod"scriptalertdocument.cookie;/script Paolo sends GREETS to Oracle secalert Pao...
Oracle Reports Server test.jsp Multiple Parameter XSS
The remote host is running Oracle Report Server, a reporting application. The remote version of this software contains to a cross-site scripting vulnerability that may allow an attacker to use the remote host to perform a cross-site scripting attack. %NASLMINLEVEL 70300 C Tenable Network Security...
Oracle Reports Server 10g - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/12892/info Multiple remote cross-site scripting vulnerabilities affect Oracle Reports Server. These issues are due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content. An...
CVE-2002-0947
Buffer overflow in rwcgi60 CGI program for Oracle Reports Server 6.0.8.18.0 and earlier, as used in Oracle9iAS and other products, allows remote attackers to execute arbitrary code via a long database name parameter...
CVE-2002-0947
CVE-2002-0947 describes a buffer overflow in the rwcgi60 CGI program used by Oracle Reports Server 6.0.8.18.0 and earlier (Oracle9iAS and other products). The vulnerability allows a remote attacker to execute arbitrary code via a long database name parameter. The Oracle RWCGI60 component handles ...
CVE-2002-0707
The Web Reports Server for SurfControl SuperScout WebFilter allows remote attackers to cause a denial of service CPU consumption via large GET requests, possibly due to a buffer overflow...
CVE-2002-0947
Buffer overflow in rwcgi60 CGI program for Oracle Reports Server 6.0.8.18.0 and earlier, as used in Oracle9iAS and other products, allows remote attackers to execute arbitrary code via a long database name parameter...
CVE-2002-1089
rwcgi60 CGI program in Oracle Reports Server, by design, provides sensitive information such as the full pathname, which could enable remote attackers to use the information in additional attacks...
CVE-2002-0707
The CVE-2002-0707 issue affects SurfControl SuperScout WebFilter’s Web Reports Server. The vulnerability allows remote attackers to trigger a denial of service by sending large GET requests, potentially due to a buffer overflow. Documented impact is CPU consumption leading to service unavailabili...
CVE-2002-0706
CVE-2002-0706 affects SurfControl SuperScout WebFilter’s Web Reports Server, specifically the UserManager.js component. The root cause is the use of weak encryption for administrator functions, with a hard-coded key inside a JavaScript function, enabling decryption of the admin password. This all...
CVE-2002-0706
UserManager.js in the Web Reports Server for SurfControl SuperScout WebFilter uses weak encryption for administrator functions, which allows remote attackers to decrypt the administrative password using a hard-coded key in a Javascript function...
CVE-2002-0705
The Web Reports Server for SurfControl SuperScout WebFilter stores the "scwebusers" username and password file in a web-accessible directory, which allows remote attackers to obtain valid usernames and crack the passwords...
CVE-2002-0708
Directory traversal vulnerability in the Web Reports Server for SurfControl SuperScout WebFilter allows remote attackers to read arbitrary files via an HTTP request containing ... triple dot sequences...
CVE-2002-0705
CVE-2002-0705 affects SurfControl SuperScout WebFilter's Web Reports Server. The vulnerability stems from storing the scwebusers file (usernames) and associated passwords in a web-accessible directory, allowing remote attackers to obtain valid usernames and crack passwords. The security advisory ...
CVE-2002-0708
The CVE-2002-0708 entry relates to a directory traversal vulnerability in SurfControl SuperScout WebFilter’s Web Reports Server. Affected component: Web Reports Server; vulnerability arises from improper handling of HTTP requests containing repeated dot sequences, enabling remote attackers to rea...
CVE-2002-0709
SQL injection vulnerabilities in the Web Reports Server for SurfControl SuperScout WebFilter allow remote attackers to execute arbitrary SQL queries via the RunReport option to SimpleBar.dll, and possibly other DLLs...
SurfControl SuperScout WebFilter for Windows 2000 - File Disclosure
source: https://www.securityfocus.com/bid/5857/info SurfControl SuperScout WebFilter Reports Server is prone to a vulnerability which may allow remote attackers to disclose the contents of arbitrary files. The Reports Server does not sufficiently filter triple-dot-slash .../ sequences from web...
CVE-2002-1089
CVE-2002-1089 affects rwcgi60, the CGI used with Oracle Reports Server. The flaw is an information disclosure: the program can reveal sensitive data (the full pathname), which an attacker could leverage for further attacks. Connected documents (Nessus plugin) confirm rwcgi60 exposure as part of O...
CVE-2002-1089
rwcgi60 CGI program in Oracle Reports Server, by design, provides sensitive information such as the full pathname, which could enable remote attackers to use the information in additional attacks...
[AP] Oracle Reports Server Information Disclosure Vulnerability
-- ------------------------- -- - AngryPacket Security Advisory - -- ------------------------- -- - +--------------------- -- - + advisory information +------------------ -- - author: skp [email protected] release date: 07/17/2002 homepage: http://sec.angrypacket.com advisory id: 0x0004...