CVE-2018-1258 – spring-security-core: Unauthorized Access with Spring Security Method Security
https://notcve.org/view.php?id=CVE-2018-1258
11 May 2018 — Spring Framework version 5.0.5, when used in combination with any version of Spring Security, contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted. • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html • CWE-287: Improper Authentication, CWE-863: Incorrect Authorization •
CVE-2017-3311
https://notcve.org/view.php?id=CVE-2017-3311
27 Jan 2017 — Vulnerability in the Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Test Manager for Web Apps). Supported versions that are affected are 12.5.0.3, 12.5.0.2 and 12.4.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Application Testing Suite accessible data. CVSS v3... • http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html •
CVE-2016-0487 – Oracle Application Testing Suite Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2016-0487
21 Jan 2016 — Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0490. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the process method in the ActionServlet serv... • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html •
CVE-2016-0490 – Oracle Application Testing Suite filename Header Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-0490
21 Jan 2016 — Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0487. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the UploadServlet servlet, which allows remo... • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html •
CVE-2016-0488 – Oracle Application Testing Suite Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2016-0488
21 Jan 2016 — Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0492. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the isAllowedUrl function in the admin pages... • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html •
CVE-2016-0477 – Oracle Application Testing Suite DownloadServlet Multiple Parameter Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2016-0477
21 Jan 2016 — Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0476 and CVE-2016-0478. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the DownloadServlet servlet, which allow... • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html •
CVE-2016-0478 – Oracle Application Testing Suite DownloadServlet scriptName Parameter Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2016-0478
21 Jan 2016 — Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0476 and CVE-2016-0477. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the DownloadServlet servlet, which allow... • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html •
CVE-2016-0480 – Oracle Application Testing Suite DownloadServlet TMAPReportImage Parameter Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2016-0480
21 Jan 2016 — Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0481, CVE-2016-0482, CVE-2016-0485, and CVE-2016-0486. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the Downl... • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html •
CVE-2016-0482 – Oracle Application Testing Suite DownloadServlet file Parameter Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2016-0482
21 Jan 2016 — Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0480, CVE-2016-0481, CVE-2016-0485, and CVE-2016-0486. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the Downl... • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html •
CVE-2016-0484 – Oracle Application Testing Suite DownloadServlet scriptPath Parameter Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2016-0484
21 Jan 2016 — Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the DownloadServlet servlet, which allows remote attackers to read arbitrary files via directory travers... • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html •