CVE-2016-7103 – jquery-ui: cross-site scripting in dialog closeText
https://notcve.org/view.php?id=CVE-2016-7103
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. Vulnerabilidad de XSS en la interfaz de usuario de jQuery en versiones anteriores a 1.12.0 podría permitir a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro closeText de la función dialog. It was found that a parameter of the dialog box feature of jQuery UI was vulnerable to cross site scripting. An attacker could use this flaw to execute a malicious script via the dialog box when it was displayed to a user. • http://rhn.redhat.com/errata/RHSA-2016-2932.html http://rhn.redhat.com/errata/RHSA-2016-2933.html http://rhn.redhat.com/errata/RHSA-2017-0161.html http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.securityfocus.com/bid/104823 https://github.com/jquery/api.jqueryui.com/issues/281 https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6 https://jqueryui.com/changelog/1.12.0 https://lists.apache.org/thread.html/519eb0fd45642dcecd9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-3551
https://notcve.org/view.php?id=CVE-2016-3551
Unspecified vulnerability in the Oracle Web Services component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, and 12.2.1.0.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXWS Web Services Stack. Vulnerabilidad no especificada en el componente Oracle Web Services en Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0 y 12.2.1.0.0 permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores relacionados con JAXWS Web Services Stack. • http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.securityfocus.com/bid/93658 http://www.securitytracker.com/id/1037051 •
CVE-2016-5488
https://notcve.org/view.php?id=CVE-2016-5488
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.3.0 allows remote attackers to affect availability via vectors related to Web Container, a different vulnerability than CVE-2016-3445. Vulnerabilidad no especificada en el componente Oracle WebLogic Server en Oracle Fusion Middleware 10.3.6.0 y 12.1.3.0 permite a atacantes remotos afectar la disponibilidad a través de vectores relacionados con Web Container, una vulnerabilidad diferente a CVE-2016-3445. • http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.securityfocus.com/bid/93627 http://www.securitytracker.com/id/1037052 •
CVE-2016-5535 – Oracle WebLogic Commons DiskFileItem Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-5535
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, 12.2.1.0, and 12.2.1.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Vulnerabilidad no especificada en el componente Oracle WebLogic Server en Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, 12.2.1.0 y 12.2.1.1 permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle WebLogic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the use of Apache Commons DiskFileItem. It is possible to execute arbitrary commands upon deserialization of untrusted data. • http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.securityfocus.com/bid/93692 http://www.securitytracker.com/id/1037052 https://www.tenable.com/security/research/tra-2016-33 •
CVE-2016-3505
https://notcve.org/view.php?id=CVE-2016-3505
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to JavaServer Faces. Vulnerabilidad no especificada en el componente Oracle WebLogic Server en Oracle Fusion Middleware 10.3.6.0, 12.1.3.0 y 12.2.1.0 permite a usuarios remotos autenticados afectar la confidencialidad, la integridad y la disponibilidad a través de vectores relacionados con JavaServer Faces. • http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.securityfocus.com/bid/93708 http://www.securitytracker.com/id/1037052 •