Vulmon
oracle jsp vulnerabilities and exploits
668
VMScore
CVE-2001-0591
Directory traversal vulnerability in Oracle JSP 1.0.x up to and including 1.1.1 and Oracle 8.1.7 iAS Release 1.0.2 can allow a remote malicious user to read or execute arbitrary .jsp files via a '..' (dot dot) attack.
Oracle Application Server 1.0.2
Oracle Jsp
445
VMScore
CVE-2002-0565
Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with world-readable permissions under the web root, which allows remote malicious users to obtain sensitive information derived from the JSP code, including usernames and passwords, via a direct HTTP request to _pages...
Oracle Application Server Web Cache 2.0.0.3
Oracle Oracle9i 9.0
Oracle Oracle9i 9.0.1
Oracle Application Server Web Cache 2.0.0.0
Oracle Application Server Web Cache 2.0.0.1
Oracle Application Server Web Cache 2.0.0.2
Oracle Application Server 1.0.2
685
VMScore
CVE-2006-6703
Multiple cross-site scripting (XSS) vulnerabilities in Oracle Portal 9i and 10g allow remote malicious users to inject arbitrary JavaScript via the tc parameter in webapp/jsp/container_tabs.jsp, and other unspecified vectors.
Oracle Oracle10g
Oracle Oracle9i
1 EDB exploit
445
VMScore
CVE-2002-0562
The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote malicious users to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa.
Oracle Oracle9i 9.0.1
Oracle Application Server 1.0.2
Oracle Application Server Web Cache 2.0.0.0
Oracle Application Server Web Cache 2.0.0.3
Oracle Oracle9i 9.0
Oracle Application Server Web Cache 2.0.0.1
Oracle Application Server Web Cache 2.0.0.2
505
VMScore
CVE-2003-0411
Sun ONE Application Server 7.0 for Windows 2000/XP allows remote malicious users to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension.
Oracle Sun One Application Server 7.0
1 EDB exploit
755
VMScore
CVE-2010-4417
Unspecified vulnerability in the Services for Beehive component in Oracle Fusion Middleware 2.0.1.0, 2.0.1.1, 2.0.1.2, 2.0.1.2.1, and 2.0.1.3 allows remote malicious users to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information w...
Oracle Beehive 2.0.1.0
Oracle Beehive 2.0.1.1
Oracle Beehive 2.0.1.2
Oracle Beehive 2.0.1.2.1
Oracle Beehive 2.0.1.3
1 EDB exploit
668
VMScore
CVE-2001-0326
Oracle Java Virtual Machine (JVM) for Oracle 8.1.7 and Oracle Application Server 9iAS Release 1.0.2.0.1 allows remote malicious users to read arbitrary files via the .jsp and .sqljsp file extensions when the server is configured to use the <<ALL FILES>> FilePermissio...
Oracle Application Server Release 1.0.2.0.1
Oracle Oracle8i 8.1.7 R3
755
VMScore
CVE-2006-6697
CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and previous versions, including 9.0.2, allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter.
Oracle Application Server Portal 10g
Oracle Application Server Portal 9.0.2
1 EDB exploit
651
VMScore
CVE-2012-3152
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote malicious users to affect confidentiality and integrity via unknown vectors related to Report Server Component. NOTE: the previous inform...
Oracle Fusion Middleware 11.1.1.4.0
Oracle Fusion Middleware 11.1.1.6.0
Oracle Fusion Middleware 11.1.2.0
2 EDB exploits
4 Github repositories
570
VMScore
CVE-2016-3438
Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 12.0.6, 12.1, and 12.2 allows remote malicious users to affect confidentiality and integrity via vectors related to JRAD Heartbeat. NOTE: the previous information is from the Apri...
Oracle Configurator 12.1
Oracle Configurator 12.2