CVSS: 7.5EPSS: 35%CPEs: 1EXPL: 0CVE-2009-0993 – Oracle Applications Server 10g Format String Vulnerability
https://notcve.org/view.php?id=CVE-2009-0993
Unspecified vulnerability in the OPMN component in Oracle Application Server 10.1.2.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is a format string vulnerability that allows remote attackers to execute arbitrary code via format string specifiers in an HTTP POST URI, which are not properly handled when logging to opmn/logs/opmn.log. Vulnerabilidad sin especificar en el componente OPMN en Oracle Application Server v10.1.2.3 permite a atacantes remotos afectar a la confidencialidad, la disponibilidad, y la integridad a través de vectores desconocidos. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Applications Server. • http://secunia.com/advisories/34693 http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html http://www.securityfocus.com/archive/1/502683/100/0/threaded http://www.securityfocus.com/bid/34461 http://www.securitytracker.com/id?1022055 http://www.us-cert.gov/cas/techalerts/TA09-105A.html http://www.zerodayinitiative.com/advisories/ZDI-09-017 https://exchange.xforce.ibmcloud.com/vulnerabilities/50030 •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2008-5438
https://notcve.org/view.php?id=CVE-2008-5438
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors. Vulnerabilidad sin especificar en el componente Oracle Portal en Oracle Application Server 10.1.2.3 y 10.1.4.2, permite a atacantes remotos comprometer la integridad a través de vectores desconocidos. • http://secunia.com/advisories/33525 http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html http://www.securityfocus.com/bid/33177 http://www.securitytracker.com/id?1021572 http://www.vupen.com/english/advisories/2009/0115 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2008-4017
https://notcve.org/view.php?id=CVE-2008-4017
Unspecified vulnerability in the OC4J component in Oracle Application Server 10.1.2.3 allows remote attackers to affect confidentiality via unknown vectors. Vulnerabilidad no especificada en el componente OC4J en Oracle Application Server 10.1.2.3 permite a los atacantes remotos afectar la confidencialidad a través de vectores desconocidos. • http://secunia.com/advisories/33525 http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html http://www.securityfocus.com/bid/33177 http://www.securitytracker.com/id?1021572 http://www.vupen.com/english/advisories/2009/0115 •
CVSS: 5.5EPSS: 0%CPEs: 65EXPL: 0CVE-2008-4014 – Oracle Application Server Cross Site Scripting
https://notcve.org/view.php?id=CVE-2008-4014
Unspecified vulnerability in the Oracle BPEL Process Manager component in Oracle Application Server allows remote authenticated users to affect confidentiality and integrity via unknown vectors. Vulnerabilidad sin especificar en el componente Oracle BPEL Process Manager en Oracle Application Server None permite a usuarios remotamente autentificados afectar la confidencialidad e integridad mediante vectores desconocidos. The Oracle Application Server (SOA) version 10.1.3.1.0 suffers from a cross site scripting vulnerability. • http://secunia.com/advisories/33525 http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html http://www.securityfocus.com/bid/33177 http://www.securitytracker.com/id?1021572 http://www.vupen.com/english/advisories/2009/0115 •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2008-3975
https://notcve.org/view.php?id=CVE-2008-3975
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3 and 10.1.2.3 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2008-3977. Vulnerabilidad no especificada en el componente Oracle Portal en Oracle Application Server 9.0.4.3 y 10.1.2.3 permite a atacantes remotos afectar la integridad a través de vectores desconocidos, una vulnerabilidad diferente a CVE-2008-3977. • http://secunia.com/advisories/32291 http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html http://www.securitytracker.com/id?1021054 http://www.vupen.com/english/advisories/2008/2825 https://exchange.xforce.ibmcloud.com/vulnerabilities/45881 •