CVE-2016-15023 – SiteFusion Application Server Extension getextension.php path traversal
https://notcve.org/view.php?id=CVE-2016-15023
A vulnerability, which was classified as problematic, was found in SiteFusion Application Server up to 6.6.6. This affects an unknown part of the file getextension.php of the component Extension Handler. The manipulation leads to path traversal. Upgrading to version 6.6.7 addresses this issue. The identifier of the patch is 49fff155c303d6cd06ce8f97bba56c9084bf08ac. • https://github.com/sitefusion/server/commit/49fff155c303d6cd06ce8f97bba56c9084bf08ac https://github.com/sitefusion/server/pull/67 https://github.com/sitefusion/server/releases/tag/v6.6.7 https://vuldb.com/?ctiid.219765 https://vuldb.com/?id.219765 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-7233
https://notcve.org/view.php?id=CVE-2008-7233
Unspecified vulnerability in the E-Business Application client, as used in Oracle Application Server 1.1.8.26 and E-Business Suite 11.5.10.2, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Oracle Jinitiator component, aka AS02. • http://marc.info/?l=bugtraq&m=120058413923005&w=2 http://secunia.com/advisories/28518 http://secunia.com/advisories/28556 http://securitytracker.com/id?1019218 http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html http://www.osvdb.org/40294 http://www.securityfocus.com/bid/27229 http://www.us-cert.gov/cas/techalerts/TA08-017A.html http://www.vupen.com/english/advisories/2008/0150 http://www.vupen.com/english/advisories/2008/0180
CVE-2008-4014 – Oracle Application Server Cross Site Scripting
https://notcve.org/view.php?id=CVE-2008-4014
Unspecified vulnerability in the Oracle BPEL Process Manager component in Oracle Application Server allows remote authenticated users to affect confidentiality and integrity via unknown vectors. The Oracle Application Server (SOA) version 10.1.3.1.0 suffers from a cross site scripting vulnerability. • http://secunia.com/advisories/33525 http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html http://www.securityfocus.com/bid/33177 http://www.securitytracker.com/id?1021572 http://www.vupen.com/english/advisories/2009/0115
CVE-2008-2619
https://notcve.org/view.php?id=CVE-2008-2619
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Application Server 1.0.2.2, 9.0.4.3, and 10.1.2.2, and E-Business Suite 11.5.10.2, allows remote authenticated users to affect availability via unknown vectors. • http://secunia.com/advisories/32291 http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html http://www.securitytracker.com/id?1021054 http://www.securitytracker.com/id?1021057 http://www.vupen.com/english/advisories/2008/2825 https://exchange.xforce.ibmcloud.com/vulnerabilities/45878
CVE-2008-0340
https://notcve.org/view.php?id=CVE-2008-0340
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote attack vectors, related to the (1) Advanced Queuing component (DB02) and (2) Oracle Spatial component (DB04). • http://marc.info/?l=bugtraq&m=120058413923005&w=2 http://secunia.com/advisories/28518 http://secunia.com/advisories/28556 http://securitytracker.com/id?1019218 http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html http://www.securityfocus.com/bid/27229 http://www.us-cert.gov/cas/techalerts/TA08-017A.html http://www.vupen.com/english/advisories/2008/0150 http://www.vupen.com/english/advisories/2008/0180