Lucene search
+L

65 matches found

securityvulns
securityvulns
added 2005/03/24 12:0 a.m.44 views

Oracle Reports Server 10g Vulnerable to XSS

Oracle Reports Server 10g 9.0.4.3.3 Vulnerable to Cross Site Scripting http://paolo/reports/examples/Tools/test.jsp?repprod&desname='scriptalertdocument.cookie;/script http://paolo/reports/examples/Tools/test.jsp?repprod"scriptalertdocument.cookie;/script Paolo sends GREETS to Oracle secalert Pao...

0.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2005/03/24 12:0 a.m.30 views

Oracle Reports Server test.jsp Multiple Parameter XSS

The remote host is running Oracle Report Server, a reporting application. The remote version of this software contains to a cross-site scripting vulnerability that may allow an attacker to use the remote host to perform a cross-site scripting attack. %NASLMINLEVEL 70300 C Tenable Network Security...

4.3CVSS5.1AI score0.11027EPSS
Exploits1References1
Exploit DB
Exploit DB
added 2005/03/24 12:0 a.m.30 views

Oracle Reports Server 10g - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/12892/info Multiple remote cross-site scripting vulnerabilities affect Oracle Reports Server. These issues are due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content. An...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2003/04/02 5:0 a.m.29 views

CVE-2002-0947

Buffer overflow in rwcgi60 CGI program for Oracle Reports Server 6.0.8.18.0 and earlier, as used in Oracle9iAS and other products, allows remote attackers to execute arbitrary code via a long database name parameter...

9.6AI score0.09542EPSS
Exploits0References7
CVE
CVE
added 2003/04/02 5:0 a.m.59 views

CVE-2002-0947

CVE-2002-0947 describes a buffer overflow in the rwcgi60 CGI program used by Oracle Reports Server 6.0.8.18.0 and earlier (Oracle9iAS and other products). The vulnerability allows a remote attacker to execute arbitrary code via a long database name parameter. The Oracle RWCGI60 component handles ...

7.5CVSS9.6AI score0.09542EPSS
Exploits0References7Affected Software2
NVD
NVD
added 2002/10/10 4:0 a.m.19 views

CVE-2002-0707

The Web Reports Server for SurfControl SuperScout WebFilter allows remote attackers to cause a denial of service CPU consumption via large GET requests, possibly due to a buffer overflow...

5CVSS7AI score0.01812EPSS
Exploits0References3
NVD
NVD
added 2002/10/04 4:0 a.m.19 views

CVE-2002-0947

Buffer overflow in rwcgi60 CGI program for Oracle Reports Server 6.0.8.18.0 and earlier, as used in Oracle9iAS and other products, allows remote attackers to execute arbitrary code via a long database name parameter...

7.5CVSS7.7AI score0.09542EPSS
Exploits0References7
NVD
NVD
added 2002/10/04 4:0 a.m.21 views

CVE-2002-1089

rwcgi60 CGI program in Oracle Reports Server, by design, provides sensitive information such as the full pathname, which could enable remote attackers to use the information in additional attacks...

5CVSS5.8AI score0.05449EPSS
Exploits0References3
CVE
CVE
added 2002/10/03 4:0 a.m.43 views

CVE-2002-0707

The CVE-2002-0707 issue affects SurfControl SuperScout WebFilter’s Web Reports Server. The vulnerability allows remote attackers to trigger a denial of service by sending large GET requests, potentially due to a buffer overflow. Documented impact is CPU consumption leading to service unavailabili...

5CVSS7AI score0.01812EPSS
Exploits0References3Affected Software2
CVE
CVE
added 2002/10/03 4:0 a.m.52 views

CVE-2002-0706

CVE-2002-0706 affects SurfControl SuperScout WebFilter’s Web Reports Server, specifically the UserManager.js component. The root cause is the use of weak encryption for administrator functions, with a hard-coded key inside a JavaScript function, enabling decryption of the admin password. This all...

7.5CVSS6.9AI score0.00984EPSS
Exploits0References4Affected Software2
Cvelist
Cvelist
added 2002/10/03 4:0 a.m.30 views

CVE-2002-0706

UserManager.js in the Web Reports Server for SurfControl SuperScout WebFilter uses weak encryption for administrator functions, which allows remote attackers to decrypt the administrative password using a hard-coded key in a Javascript function...

6.8AI score0.00984EPSS
Exploits0References4
Cvelist
Cvelist
added 2002/10/03 4:0 a.m.21 views

CVE-2002-0705

The Web Reports Server for SurfControl SuperScout WebFilter stores the "scwebusers" username and password file in a web-accessible directory, which allows remote attackers to obtain valid usernames and crack the passwords...

6.8AI score0.0245EPSS
Exploits0References5
Cvelist
Cvelist
added 2002/10/03 4:0 a.m.20 views

CVE-2002-0708

Directory traversal vulnerability in the Web Reports Server for SurfControl SuperScout WebFilter allows remote attackers to read arbitrary files via an HTTP request containing ... triple dot sequences...

6.8AI score0.03489EPSS
Exploits0References3
CVE
CVE
added 2002/10/03 4:0 a.m.55 views

CVE-2002-0705

CVE-2002-0705 affects SurfControl SuperScout WebFilter's Web Reports Server. The vulnerability stems from storing the scwebusers file (usernames) and associated passwords in a web-accessible directory, allowing remote attackers to obtain valid usernames and crack passwords. The security advisory ...

7.5CVSS6.8AI score0.0245EPSS
Exploits0References5Affected Software2
CVE
CVE
added 2002/10/03 4:0 a.m.51 views

CVE-2002-0708

The CVE-2002-0708 entry relates to a directory traversal vulnerability in SurfControl SuperScout WebFilter’s Web Reports Server. Affected component: Web Reports Server; vulnerability arises from improper handling of HTTP requests containing repeated dot sequences, enabling remote attackers to rea...

5CVSS6.8AI score0.03489EPSS
Exploits0References3Affected Software2
Cvelist
Cvelist
added 2002/10/03 4:0 a.m.21 views

CVE-2002-0709

SQL injection vulnerabilities in the Web Reports Server for SurfControl SuperScout WebFilter allow remote attackers to execute arbitrary SQL queries via the RunReport option to SimpleBar.dll, and possibly other DLLs...

8.4AI score0.01136EPSS
Exploits0References3
Exploit DB
Exploit DB
added 2002/10/02 12:0 a.m.22 views

SurfControl SuperScout WebFilter for Windows 2000 - File Disclosure

source: https://www.securityfocus.com/bid/5857/info SurfControl SuperScout WebFilter Reports Server is prone to a vulnerability which may allow remote attackers to disclose the contents of arbitrary files. The Reports Server does not sufficiently filter triple-dot-slash .../ sequences from web...

7.4AI score
Exploits0
CVE
CVE
added 2002/08/31 4:0 a.m.63 views

CVE-2002-1089

CVE-2002-1089 affects rwcgi60, the CGI used with Oracle Reports Server. The flaw is an information disclosure: the program can reveal sensitive data (the full pathname), which an attacker could leverage for further attacks. Connected documents (Nessus plugin) confirm rwcgi60 exposure as part of O...

5CVSS8.7AI score0.05449EPSS
Exploits0References3Affected Software2
Cvelist
Cvelist
added 2002/08/31 4:0 a.m.26 views

CVE-2002-1089

rwcgi60 CGI program in Oracle Reports Server, by design, provides sensitive information such as the full pathname, which could enable remote attackers to use the information in additional attacks...

8.7AI score0.05449EPSS
Exploits0References3
securityvulns
securityvulns
added 2002/07/19 12:0 a.m.28 views

[AP] Oracle Reports Server Information Disclosure Vulnerability

-- ------------------------- -- - AngryPacket Security Advisory - -- ------------------------- -- - +--------------------- -- - + advisory information +------------------ -- - author: skp [email protected] release date: 07/17/2002 homepage: http://sec.angrypacket.com advisory id: 0x0004...

0.4AI score
Exploits0
Rows per page
Query Builder