CVSS: 10.0EPSS: 6%CPEs: 2EXPL: 0CVE-2016-0490 – Oracle Application Testing Suite filename Header Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-0490
21 Jan 2016 — Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0487. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the UploadServlet servlet, which allows remo... • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html •
CVSS: 9.8EPSS: 89%CPEs: 2EXPL: 3CVE-2016-0491 – Oracle Application Testing Suite UploadFileAction Servlet Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-0491
21 Jan 2016 — Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect integrity and availability via unknown vectors related to Load Testing for Web Apps. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that the UploadFileAction servlet allows remote authenticated users to upload and execute arbitrary files via an * (asterisk) character in the fi... • https://www.exploit-db.com/exploits/39852 •
CVSS: 9.1EPSS: 91%CPEs: 2EXPL: 3CVE-2016-0492 – Oracle Application Testing Suite Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2016-0492
21 Jan 2016 — Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0488. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the isAllowedUrl function, which allows remo... • https://www.exploit-db.com/exploits/39852 •
CVSS: 9.8EPSS: 1%CPEs: 12EXPL: 0CVE-2015-7940 – bouncycastle: Invalid curve attack allowing to extract private keys
https://notcve.org/view.php?id=CVE-2015-7940
09 Nov 2015 — The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack." La librería Bouncy Castle Java en versiones anteriores a 1.51 no valida un punto que se encuentra dentro de la curva elíptica, lo que facilita a atacantes remotos obtener claves privadas a través de una serie de intercambios de clave de cu... • http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174915.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-310: Cryptographic Issues CWE-358: Improperly Implemented Security Check for Standard •