
CVSS: 6.8 | EPSS: 95% | CPEs: 1 | EXPL: 5

Multiple cross-site scripting (XSS) vulnerabilities in Oracle Webcache 9i allow remote attackers to inject arbitrary web script or HTML via the (1) cache_dump_file or (2) PartialPageErrorPage parameter.

• https://www.exploit-db.com/exploits/25562
• https://www.exploit-db.com/exploits/25563
• http://marc.info/?l=bugtraq&m=111472423409560&w=2
• http://secunia.com/advisories/15143
• http://www.osvdb.org/15910
• http://www.red-database-security.com/advisory/oracle_webcache_CSS_vulnerabilities.html
• http://www.securityfocus.com/bid/13421
• http://www.securityfocus.com/bid/13422
• https://exchange.xforce.ibmcloud.com/vulnerabilities/20309

CVSS: 5.0 | EPSS: 96% | CPEs: 1 | EXPL: 3

The webcacheadmin module in Oracle Webcache 9i allows remote attackers to corrupt arbitrary files via a full pathname in the cache_dump_file parameter.

• https://www.exploit-db.com/exploits/25561
• http://marc.info/?l=bugtraq&m=111472615519295&w=2
• http://secunia.com/advisories/15143
• http://www.osvdb.org/15909
• http://www.red-database-security.com/advisory/oracle_webcache_append_file_vulnerabilitiy.html
• http://www.securityfocus.com/bid/13420
• https://exchange.xforce.ibmcloud.com/vulnerabilities/20310

CVSS: 10.0 | EPSS: 14% | CPEs: 5 | EXPL: 0

Heap-based buffer overflow in Oracle 9i Application Server Web Cache 9.0.4.0.0, 9.0.3.1.0, 9.0.2.3.0, and 9.0.0.4.0 allows remote attackers to execute arbitrary code via a long HTTP request method header to the Web Cache listener. NOTE: due to the vagueness of the Oracle advisory, it is not clear whether there are additional issues besides this overflow, although the advisory alludes to multiple "vulnerabilities."

• http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0078.html
• http://marc.info/?l=bugtraq&m=107945649127635&w=2
• http://marc.info/?l=bugtraq&m=108144419001770&w=2
• http://otn.oracle.com/deploy/security/pdf/2004alert66.pdf
• http://secunia.com/advisories/11118
• http://www.inaccessnetworks.com/ian/services/secadv01.txt
• http://www.kb.cert.org/vuls/id/413006
• http://www.osvdb.org/4249
• http://www.securityfocus.com/bid/9868
• https://exchange.xforce.ibmcloud.com/vulnerabilities&

CVSS: 5.0 | EPSS: 93% | CPEs: 9 | EXPL: 0

The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to access sensitive services without authentication, including Dynamic Monitoring Services (1) dms0, (2) dms/DMSDump, (3) servlet/DMSDump, (4) servlet/Spy, (5) soap/servlet/Spy, and (6) dms/AggreSpy; and Oracle Java Process Manager (7) oprocmgr-status and (8) oprocmgr-service, which can be used to control Java processes.

• http://marc.info/?l=bugtraq&m=101301813117562&w=2
• http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf
• http://securitytracker.com/id?1009167
• http://www.appsecinc.com/Policy/PolicyCheck7024.html
• http://www.cert.org/advisories/CA-2002-08.html
• http://www.kb.cert.org/vuls/id/168795
• http://www.nextgenss.com/papers/hpoas.pdf
• http://www.osvdb.org/13152
• http://www.osvdb.org/705
• http://www.securityfocus.com/bid/4293
• https://exchange.xforce.ibmcloud.com
• CWE-287: Improper Authentication

CVSS: 7.5 | EPSS: 3% | CPEs: 9 | EXPL: 0

Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote attackers to cause a denial of service or execute arbitrary code via (1) a long help page request without a dadname, which overflows the resulting HTTP Location header, (2) a long HTTP request to the plsql module, (3) a long password in the HTTP Authorization, (4) a long Access Descriptor (DAD) password in the addadd form, or (5) a long cache directory name.

• http://online.securityfocus.com/archive/1/254426
• http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf
• http://www.cert.org/advisories/CA-2002-08.html
• http://www.kb.cert.org/vuls/id/313280
• http://www.kb.cert.org/vuls/id/659043
• http://www.kb.cert.org/vuls/id/750299
• http://www.kb.cert.org/vuls/id/878603
• http://www.kb.cert.org/vuls/id/923395
• http://www.nextgenss.com/papers/hpoas.pdf
• http://www.securityfocus.com/bid/4032
• https://