38 matches found
EUVD-2018-8745
Malware in sbrugna...
EUVD-2018-8742
Malware in sbrugna...
EUVD-2018-8740
Malware in sbrugna...
EUVD-2018-8746
Malware in sbrugna...
EUVD-2018-8744
Malware in sbrugna...
EUVD-2013-1565
Malware in sbrugna...
EUVD-2018-8743
Malware in sbrugna...
EUVD-2018-8741
Malware in sbrugna...
Oracle WebCenter Interaction Portal Session Hijacking Vulnerability
Oracle WebCenter Interaction is Oracle's suite for creating enterprise portals, collaborative communities, portfolio applications, and social applications.Oracle WebCenter Interaction Portal is one of the management interfaces. A session hijacking vulnerability exists in Oracle WebCenter...
Oracle WebCenter Interaction Portal AjaxControl Component Denial of Service Vulnerability
Oracle WebCenter Interaction is an Oracle suite for creating enterprise portals, collaborative communities, portfolio applications, and social applications.Oracle WebCenter Interaction Portal is an administrative interface.AjaxControl AjaxControl is one of the Ajax control components. A denial of...
Oracle WebCenter Interaction Information Disclosure Vulnerability
Oracle WebCenter Interaction is an Oracle suite for creating enterprise portals, collaborative communities, portfolio applications and social applications. An information disclosure vulnerability in Oracle WebCenter Interaction version 10.3.3, which originates from a program that compiles the que...
CVE-2018-16958
An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The ASP.NETSessionID primary session cookie, when Internet Information Services IIS with ASP.NET is used, is not protected with the HttpOnly attribute. The attribute cannot be enabled by customers. Consequently, this cookie is...
CVE-2018-16959
An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The portal component is delivered with an insecure default User Profile community configuration that allows anonymous users to retrieve the account names of all portal users via /portal/server.pt/user/user/ requests. When WCI ...
CVE-2018-16958
An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The ASP.NETSessionID primary session cookie, when Internet Information Services IIS with ASP.NET is used, is not protected with the HttpOnly attribute. The attribute cannot be enabled by customers. Consequently, this cookie is...
CVE-2018-16954
An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The login function of the portal is vulnerable to insecure redirection also called an open redirect. The inhiredirect parameter is not validated by the application after a successful login. NOTE: this CVE is assigned by MITRE...
CVE-2018-16957
The Oracle WebCenter Interaction 10.3.3 search service queryd.exe binary is compiled with the i1g2s3c4 hardcoded password. Authentication to the Oracle WCI search service uses this hardcoded password and cannot be customised by customers. An adversary able to access this service over a network...
Cross site request forgery (csrf)
The Oracle WebCenter Interaction Portal 10.3.3 does not implement protection against Cross-site Request Forgery in its design. The impact is sensitive actions in the portal such as changing a portal user's password. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle...
CVE-2018-16952
The Oracle WebCenter Interaction Portal 10.3.3 does not implement protection against Cross-site Request Forgery in its design. The impact is sensitive actions in the portal such as changing a portal user's password. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle...
CVE-2018-16953
The AjaxView::DisplayResponse function of the portalpages.dll assembly in Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to reflected cross-site scripting XSS. User input from the name parameter is unsafely reflected in the server response. NOTE: this CVE is assigned by MITRE and isn't...
CVE-2018-16956
The AjaxControl component of Oracle WebCenter Interaction Portal 10.3.3 does not validate the names of pages when processing page rename requests. Pages can be renamed to include characters unsupported for URIs by the web server hosting the WCI Portal software such as IIS. Renaming pages to inclu...