Page 12 of 61 results (0.010 seconds)

CVSS: 5.0EPSS: 1%CPEs: 4EXPL: 0

Oracle Oracle9i Application Server 1.0.2.2 and 9.0.2 through 9.0.2.0.1, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF."). • http://online.securityfocus.com/archive/1/279582 http://otn.oracle.com/deploy/security/pdf/2002alert47rev1.pdf http://www.iss.net/security_center/static/9446.php http://www.securityfocus.com/bid/5119 http://www.westpoint.ltd.uk/advisories/wp-02-0002.txt •

CVSS: 5.0EPSS: 90%CPEs: 1EXPL: 2

The administration module for Oracle Web Cache in Oracle9iAS (9i Application Suite) 9.0.2 allows remote attackers to cause a denial of service (crash) via (1) an HTTP GET request containing a ".." (dot dot) sequence, or (2) a malformed HTTP GET request with a chunked Transfer-Encoding with missing data. El módulo de administración de Oracle Web Cache en Oracle9iAS (9i Application Suite) 9.0.2 permite a atacantes remotos causar una denegación de servicio (caída) mediante una petición HTTP GET conteniendo una secuencia ".." (punto punto), o una petición HTTP GET con un Transfer-Encoding troceado al que le faltan datos. • https://www.exploit-db.com/exploits/21911 http://otn.oracle.com/deploy/security/pdf/2002alert43rev1.pdf http://www.atstake.com/research/advisories/2002/a102802-1.txt http://www.iss.net/security_center/static/10284.php http://www.securityfocus.com/bid/5902 •

CVSS: 6.8EPSS: 97%CPEs: 47EXPL: 1

Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157. Vulnerabilidad de comandos en sitios cruzados (cross-site scripting, XSS) en la página de error por defecto en Apache 2.0 antes de 2.0.43, y en 1.3.x hasta 1.3.26, cuando el parámetro UseCanonicalName está desactivado, y está presente el soporte para comodines DNS, permite a atacantes ejecutar comandos como otro visitante de la página mediante la cabecera Host: • https://www.exploit-db.com/exploits/21885 ftp://patches.sgi.com/support/free/security/advisories/20021105-02-I http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0003.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530 http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2 http://marc.info/?l=bugtraq&m=103357160425708&w=2 http://marc.info/?l=bugtraq&m=103376585508776&w=2 http •

CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0

Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response. Desbordamientos de búfer en el programa de soporte ApacheBench (ab.c) en Apache anteriores a 1.3.27, y Apache 2.x anteriores a 2.0.43, permite a un servidor web malicioso causar una denegación de servicio y posiblemente ejecutar código arbitrario mediante una respuesta larga. • ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I http://archives.neohapsis.com/archives/bugtraq/2002-10/0229.html http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530 http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530 http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2 http://marc.info/?l=bugtraq&m=103376585508776&w=2 http://online.securityfocus.com/advisories/ •

CVSS: 7.5EPSS: 7%CPEs: 2EXPL: 0

Buffer overflow in rwcgi60 CGI program for Oracle Reports Server 6.0.8.18.0 and earlier, as used in Oracle9iAS and other products, allows remote attackers to execute arbitrary code via a long database name parameter. • http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0097.html http://online.securityfocus.com/archive/1/276524 http://technet.oracle.com/deploy/security/pdf/reports6i_alert.pdf http://www.iss.net/security_center/static/9289.php http://www.kb.cert.org/vuls/id/997403 http://www.nextgenss.com/vna/ora-reports.txt http://www.securityfocus.com/bid/4848 •