CVE-2016-0480

Oracle Application Testing Suite (ATS) versions 12.4.0.2 and 12.5.0.2 expose a directory-traversal vulnerability in the DownloadServlet when processing the TMAPReportImage parameter (CVE-2016-0480). Exploitation allows remote unauthenticated attackers to read arbitrary files from the server. The ...

CVE-2016-0481

CVE-2016-0481 is a directory traversal vulnerability in Oracle’s Application Testing Suite (ATS) DownloadServlet affecting the /otm/download endpoint via the scheduleReportName parameter. The connected advisories (CPAI-2016-0306) describe the flaw as due to insufficient input validation, enabling...

CVE-2016-0487

CVE-2016-0487 affects Oracle Application Testing Suite within Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2. The issue is an authentication bypass in the ActionServlet component (via directory traversal sequences following an unspecified URI), potentially allowing remote attackers ...

CVE-2016-0489

Summary: CVE-2016-0489 affects Oracle Application Testing Suite (Test Manager for Web Apps) in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2. The connected sources describe a directory traversal vulnerability in the ReportImage action via the tempfilename parameter in ActionServlet...

CVE-2016-0486

CVE-2016-0486 affects Oracle Application Testing Suite (ATS) on Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2. The vulnerability is a directory traversal in the DownloadServlet, exploited via the exportFileName parameter, allowing a remote unauthenticated attacker to read arbitrary...

EUVD-2016-0521

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0480,...

EUVD-2016-0520

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0480,...

CVE-2016-0478

CVE-2016-0478 corresponds to a directory traversal vulnerability in Oracle Application Testing Suite’s DownloadServlet. Affected products/versions cited: Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2, involving the DownloadServlet scriptName parameter; exploitation could allow read...

CVE-2016-0477

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0476 and...

CVE-2016-0476

CVE-2016-0476 concerns Oracle Application Testing Suite (ATS) DownloadServlet, specifically the reportName parameter in the DownloadServlet path used by the Load Testing component. The vulnerability stems from improper handling of path names, enabling directory traversal to read arbitrary files o...

CVE-2016-0488

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Load Testing for Web Apps, a different vulnerability than...

CVE-2016-0488

CVE-2016-0488 affects the Oracle Application Testing Suite component within Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2. The description describes an unspecified vulnerability impacting confidentiality and integrity via load testing for web apps; specific attack vectors are not p...

CVE-2016-0489

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Test Manager for Web Apps. NOTE: the...

CVE-2016-0491

CVE-2016-0491 affects Oracle Application Testing Suite (ATS) within Oracle Enterprise Manager Grid Control, specifically ATS versions 12.4.0.2 and 12.5.0.2. Multiple sources document a vulnerability in the UploadFileUpload.do path that enables file upload and, via directory traversal or crafted i...

CVE-2016-0476

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0477 and...

EUVD-2016-0525

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Test Manager for Web Apps, a different vulnerability than...

CVE-2016-0487

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Test Manager for Web Apps, a different vulnerability than...

CVE-2016-0478

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0476 and...

CVE-2016-0492

CVE-2016-0492 affects Oracle Application Testing Suite (ATS) within Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2. The vulnerability enables remote attackers to bypass authentication and potentially access or modify data through a directory traversal scenario involving the isAllowe...

CVE-2016-0490

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Test Manager for Web Apps, a different vulnerability than...