
31 matches found

NVD
added 2002/07/03 4:0 a.m. | 18 views

CVE-2002-0568

Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory...

2.1 CVSS | 5.5 AI score | 0.04804 EPSS
Exploits: 0 | References: 5

CVE
added 2002/06/11 4:0 a.m. | 80 views

CVE-2002-0568

CVE-2002-0568 concerns Oracle 9i Application Server where XSQLConfig.xml and soapConfig.xml configuration files are stored insecurely and may be retrieved via a virtual directory. This allows local users to obtain sensitive information, including usernames and passwords, as described in the OpenV...

2.1 CVSS | 8.4 AI score | 0.04804 EPSS
Exploits: 0 | References: 5 | Affected Software: 3

Cvelist
added 2002/06/11 4:0 a.m. | 22 views

CVE-2002-0568

Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory...

8.4 AI score | 0.04804 EPSS
Exploits: 0 | References: 5

CERT
added 2002/03/06 12:0 a.m. | 26 views

Oracle 9iAS XSQL Servlet ignores file permissions allowing arbitrary users to view sensitive configuration files

Overview: It is possible to read the sensitive configuration files from an Oracle 9i Application Server without any authorization. This can lead to an intruder gaining access to sensitive information about the server and potentially compromising it. Description: Default installation of the Oracle 9...

7.5 CVSS | 9 AI score | 0.02177 EPSS
Exploits: 0 | References: 1

Cvelist
added 2001/05/07 4:0 a.m. | 18 views

CVE-2001-0126

Oracle XSQL servlet 1.0.3.0 and earlier allows remote attackers to execute arbitrary Java code by redirecting the XSQL server to another source via the xml-stylesheet parameter in the xslt stylesheet...

7.3 AI score | 0.00828 EPSS
Exploits: 0 | References: 3

CVE
added 2001/05/07 4:0 a.m. | 60 views

CVE-2001-0126

The vulnerability CVE-2001-0126 affects Oracle XSQL Servlet (versions 1.0.3.0 and earlier). An attacker can remotely cause arbitrary Java code execution by redirecting the XSQL server to a malicious source via the xml-stylesheet parameter in the XSLT stylesheet used by an XSQL page. This is a net...

7.5 CVSS | 7.3 AI score | 0.00828 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2001/03/12 5:0 a.m. | 18 views

CVE-2001-0126

Oracle XSQL servlet 1.0.3.0 and earlier allows remote attackers to execute arbitrary Java code by redirecting the XSQL server to another source via the xml-stylesheet parameter in the xslt stylesheet...

7.5 CVSS | 7.3 AI score | 0.00828 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2001/02/15 12:0 a.m. | 94 views

Oracle XSQL query.xsql sql Parameter SQL Injection

One of the sample applications that comes with the Oracle XSQL Servlet allows an attacker to make arbitrary queries to the Oracle database under an unprivileged account. Whilst not allowing an attacker to delete or modify database contents, this flaw can be used to enumerate database users and vi...

7.5 CVSS | 5.7 AI score | 0.05943 EPSS
Exploits: 1 | References: 1

Tenable Nessus
added 2001/01/22 12:0 a.m. | 55 views

Oracle Application Server XSQL Stylesheet Arbitrary Java Code Execution

The Oracle XSQL Servlet allows arbitrary Java code to be executed by an attacker by supplying the URL of a malicious XSLT stylesheet when making a request to an XSQL page. %NASLMINLEVEL 70300. This script was written by Matt Moore. See the Nessus Scripts License for details. Changes by Tenable: -...

7.5 CVSS | 5.7 AI score | 0.00828 EPSS
Exploits: 0 | References: 1

securityvulns
added 2001/01/10 12:0 a.m. | 28 views

Oracle XSQL servlet and xml-stylesheet allow executing java on the web server

Georgi Guninski security advisory 34, 2001 Oracle XSQL servlet and xml-stylesheet allow executing java on the web server Systems affected: Oracle XSQL servlet, installed by default Oracle 8.1.7 Windows 2000 installation, probably other versions/platforms are affected because the servlet is written...

0.2 AI score
Exploits: 0

securityvulns
added 2001/01/10 12:0 a.m. | 23 views

Hole in Oracle XSQL servlet

It is possible to execute an .xsl file in the context of the server. This makes it possible to execute any Java code...

0.8 AI score
Exploits: 0 | References: 1 | Affected Software: 1