6 matches found
EUVD-2002-0936
Malware in sbrugna...
Oracle Reports Web Cartridge (RWCGI60)跨站脚本执行漏洞
Oracle应用服务器是一个综合解决方案,用于开发、集成和部署企业的应用系统、门户和网站。 Oracle应用服务Reports Web Cartridge在处理用户请求时存在输入验证漏洞,远程攻击者可能利用此漏洞在用户浏览器中执行恶意脚本代码。 在使用Oracle应用服务器处理Web客户端请求时,报表服务器必需Reports Web CGI或Web Cartridge。由于没有正确验证genuser参数,远程攻击者可以在输入中注入任意脚本并在客户端浏览器中执行。这一漏洞在认证表单中尤其严重,因为恶意用户可以通过这种攻击获得其他用户的认证凭据。 Oracle Application...
CVE-2007-0275
CVE-2007-0275 is a documented cross-site scripting (XSS) vulnerability in the Oracle Reports Web Cartridge (RWCGI60) within the Workflow Cartridge component. The issue allows remote authenticated users to inject arbitrary HTML or web script by supplying a crafted value to the genuser parameter of...
CVE-2002-0947
CVE-2002-0947 describes a buffer overflow in the rwcgi60 CGI program used by Oracle Reports Server 6.0.8.18.0 and earlier (Oracle9iAS and other products). The vulnerability allows a remote attacker to execute arbitrary code via a long database name parameter. The Oracle RWCGI60 component handles ...
CVE-2002-0947
Buffer overflow in rwcgi60 CGI program for Oracle Reports Server 6.0.8.18.0 and earlier, as used in Oracle9iAS and other products, allows remote attackers to execute arbitrary code via a long database name parameter...
CVE-2002-1089
CVE-2002-1089 affects rwcgi60, the CGI used with Oracle Reports Server. The flaw is an information disclosure: the program can reveal sensitive data (the full pathname), which an attacker could leverage for further attacks. Connected documents (Nessus plugin) confirm rwcgi60 exposure as part of O...