Lucene search
K
OracleApplication Server Portal

6 matches found

CVE
CVE
added 2005/02/26 5:0 a.m.66 views

CVE-2004-1707

Oracle 8i/9i and IAS 9.0.2.0.1 on Unix are affected by CVE-2004-1707 due to the dbsnmp and nmo programs. They search a default library path and execute libraries with elevated privileges, enabling certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0. No additional ...

7.2CVSS9.2AI score0.02572EPSS
CVE
CVE
added 2008/05/12 4:0 p.m.65 views

CVE-2008-2138

Oracle Application Server Portal 10g is affected by an authentication bypass vulnerability (CVE-2008-2138) where an unauthenticated attacker can read files under /dav_portal/portal by sending a crafted GET request containing a trailing %0A and then reusing the session ID generated from that reque...

5CVSS6.4AI score0.15508EPSS
Web
CVE
CVE
added 2005/05/10 4:0 a.m.60 views

CVE-2003-1193

CVE-2003-1193 corresponds to SQL injection vulnerabilities in Oracle9i Application Server Portal DB components (LOVs, Forms, Hierarchy, XML) across versions 9.0.2.00–3.0.9.8.5. The OpenVAS/Nessus evidence references show a related Portal_DEMO.ORG_CHART exposure accessible through mod_plsql, which...

7.5CVSS8.1AI score0.01756EPSS
CVE
CVE
added 2007/03/19 10:0 p.m.58 views

CVE-2007-1506

The CVE-2007-1506 entry describes a Cross‑site Scripting (XSS) vulnerability in Oracle Portal 10g, specifically in PORTAL.wwv_main.render_warning_screen, exploitable by supplying crafted values in the p_oldurl and p_newurl parameters. The affected software is Oracle Portal 10g; the underlying iss...

4.3CVSS5.5AI score0.0181EPSS
CVE
CVE
added 2006/12/22 2:0 a.m.54 views

CVE-2006-6697

CVE-2006-6697 describes a CRLF injection in Oracle Portal 10g and earlier (including 9.0.2) via webapp/jsp/calendar.jsp where an attacker can inject arbitrary HTTP headers and trigger HTTP response splitting by manipulating the enc parameter. Related entries note that CVE-2006-6699’s calendar.jsp...

7.5CVSS6.5AI score0.10321EPSS
Web
CVE
CVE
added 2006/12/23 1:0 a.m.46 views

CVE-2006-6699

CVE-2006-6699 describes multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 (and possibly other versions) that allow remote attackers to inject arbitrary HTTP headers and perform HTTP response splitting via CRLF sequences in the enc parameter to calendarDialog.jsp or fred.jsp. The cale...

5CVSS6.9AI score0.00987EPSS