Page 6 of 30 results (0.011 seconds)

CVSS: 6.8EPSS: 95%CPEs: 3EXPL: 2

Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request. • https://www.exploit-db.com/exploits/23593 http://marc.info/?l=bugtraq&m=107496560106967&w=2 http://www.securityfocus.com/bid/9484 https://exchange.xforce.ibmcloud.com/vulnerabilities/14930 •

CVSS: 2.6EPSS: 1%CPEs: 15EXPL: 0

The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and password. • http://marc.info/?l=bugtraq&m=108067040722235&w=2 http://www.securityfocus.com/bid/10009 https://exchange.xforce.ibmcloud.com/vulnerabilities/15676 •

CVSS: 5.0EPSS: 6%CPEs: 34EXPL: 1

The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings. La librería ASN1 de Open SSL 0.9.6d y anterior, y 0.9.7-beta2 y anterior, permite que atacantes remotos provoquen una denegación de servicio por medio de codificaciones inválidas. • https://www.exploit-db.com/exploits/23199 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000516 http://rhn.redhat.com/errata/RHSA-2002-160.html http://rhn.redhat.com/errata/RHSA-2002-161.html http://rhn.redhat.com/errata/RHSA-2002-164.html http& •

CVSS: 7.5EPSS: 1%CPEs: 34EXPL: 0

OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code. OpenSSL 0.9.6.d y anteriores, y 0.9.7-beta2 y anteriores, no manejan adecuadamente las representaciones ASCII de enteros en plataformas de 64 bits, lo que podría permitir a atacantes causar una denegación de servicio y posiblemente ejecutar código arbitrario. • ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000513 http://www.cert.org/advisories/CA-2002-23.html http://www.kb.cert.org/vuls/id/308891 http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.php http://www.securityfocus.com/bid/5364 •

CVSS: 7.5EPSS: 78%CPEs: 34EXPL: 1

Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3. Desbordamiento de búfer en OpenSSL 0.9.6d y anteriores, y 0.9.7-beta2 y anteriores, permite a atacantes remotos ejecutar código arbitrario mediante una clave maestra de cliente larga en SSL2 o un ID de sesión largo en SSL3 • https://www.exploit-db.com/exploits/40347 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000513 http://www.cert.org/advisories/CA-2002-23.html http://www.iss.net/security_center/static/9714.php http://www.iss.net/security_center/static/9716.php •