
CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

31 Jan 2023 — A vulnerability, which was classified as problematic, was found in SiteFusion Application Server up to 6.6.6. This affects an unknown part of the file getextension.php of the component Extension Handler. The manipulation leads to path traversal. Upgrading to version 6.6.7 is able to address this issue. The identifier of the patch is 49fff155c303d6cd06ce8f97bba56c9084bf08ac. • https://github.com/sitefusion/server/commit/49fff155c303d6cd06ce8f97bba56c9084bf08ac • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 8.5 | EPSS: 0% | CPEs: 65 | EXPL: 0

14 Jan 2009 — Unspecified vulnerability in the Oracle BPEL Process Manager component in Oracle Application Server allows remote authenticated users to affect confidentiality and integrity via unknown vectors. • http://secunia.com/advisories/33525 •

CVSS: 9.8 | EPSS: 3% | CPEs: 1 | EXPL: 0

24 Oct 2007 — Stack-based buffer overflow in the DebugPrint function in MultiXTpm Application Server before 4.0.2d allows remote attackers to execute arbitrary code via a long string argument. • http://osvdb.org/40386 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.1 | EPSS: 5% | CPEs: 40 | EXPL: 0

26 Jan 2006 — Unspecified vulnerability in Oracle PL/SQL (PLSQL), as used in Database Server DS 9.2.0.7 and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, E-Business Suite and Applications 11.5.10, and Collaboration Suite 10.1.1, 10.1.2.0, 10.1.2.1, and 9.0.4.2, allows attackers to bypass the PLSQLExclusion list and access excluded packages and procedures, aka Vuln# PLSQL01. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041898.html •

CVSS: 10.0 | EPSS: 2% | CPEs: 4 | EXPL: 0

02 Nov 2005 — Unspecified vulnerability in the HTTP Server in Oracle Application Server 1.0 up to 9.0.2.3 has unknown impact and attack vectors, as identified by Oracle Vuln# AS04. • http://secunia.com/advisories/17250 •

CVSS: 10.0 | EPSS: 1% | CPEs: 7 | EXPL: 0

02 Nov 2005 — Unspecified vulnerability in Web Cache in Oracle Application Server 1.0 up to 9.0.4.2 has unknown impact and attack vectors, as identified by Oracle Vuln# AS13. • http://secunia.com/advisories/17250 •

CVSS: 10.0 | EPSS: 1% | CPEs: 8 | EXPL: 0

02 Nov 2005 — Multiple unspecified vulnerabilities in Web Cache in Oracle Application Server 1.0 up to 10.1.2.0 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) AS12 and (2) AS14. • http://secunia.com/advisories/17250 •

CVSS: 9.8 | EPSS: 20% | CPEs: 70 | EXPL: 2

30 Jul 2004 — The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0. • https://www.exploit-db.com/exploits/24335 •

CVSS: 9.1 | EPSS: 0% | CPEs: 15 | EXPL: 0

30 Mar 2004 — The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and password. • http://marc.info/?l=bugtraq&m=108067040722235&w=2 •

CVSS: 7.5 | EPSS: 4% | CPEs: 5 | EXPL: 1

31 Dec 2002 — The sendmail.jsp sample page in Oracle 9i Application Server (9iAS) allows remote attackers to send arbitrary emails. • http://www.kb.cert.org/vuls/id/717827 •