oracle jsp vulnerabilities and exploits
NA
CVE-2001-0591
Directory traversal vulnerability in Oracle JSP 1.0.x up to and including 1.1.1 and Oracle 8.1.7 iAS Release 1.0.2 can allow a remote malicious user to read or execute arbitrary .jsp files via a '..' (dot dot) attack.
Oracle Jsp
Oracle Application Server 1.0.2
NA
CVE-2002-0565
Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with world-readable permissions under the web root, which allows remote malicious users to obtain sensitive information derived from the JSP code, including usernames and passwords, via a direct HTTP request to _pages...
Oracle Oracle9i 9.0.1
Oracle Application Server Web Cache 2.0.0.2
Oracle Oracle9i 9.0
Oracle Application Server Web Cache 2.0.0.1
Oracle Application Server Web Cache 2.0.0.0
Oracle Application Server 1.0.2
Oracle Application Server Web Cache 2.0.0.3
NA
CVE-2002-0562
The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote malicious users to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa.
Oracle Oracle9i 9.0.1
Oracle Application Server Web Cache 2.0.0.2
Oracle Oracle9i 9.0
Oracle Application Server Web Cache 2.0.0.1
Oracle Application Server Web Cache 2.0.0.0
Oracle Application Server 1.0.2
Oracle Application Server Web Cache 2.0.0.3
NA
CVE-2006-6703
Multiple cross-site scripting (XSS) vulnerabilities in Oracle Portal 9i and 10g allow remote malicious users to inject arbitrary JavaScript via the tc parameter in webapp/jsp/container_tabs.jsp, and other unspecified vectors.
Oracle Oracle9i
Oracle Oracle10g
1 EDB exploit
NA
CVE-2010-4417
Unspecified vulnerability in the Services for Beehive component in Oracle Fusion Middleware 2.0.1.0, 2.0.1.1, 2.0.1.2, 2.0.1.2.1, and 2.0.1.3 allows remote malicious users to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information w...
Oracle Beehive 2.0.1.1
Oracle Beehive 2.0.1.3
Oracle Beehive 2.0.1.0
Oracle Beehive 2.0.1.2.1
Oracle Beehive 2.0.1.2
1 EDB exploit
7.5
CVSSv3
CVE-2003-0411
Sun ONE Application Server 7.0 for Windows 2000/XP allows remote malicious users to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension.
Oracle Sun One Application Server 7.0
1 EDB exploit
NA
CVE-2001-0326
Oracle Java Virtual Machine (JVM) for Oracle 8.1.7 and Oracle Application Server 9iAS Release 1.0.2.0.1 allows remote malicious users to read arbitrary files via the .jsp and .sqljsp file extensions when the server is configured to use the <<ALL FILES>> FilePermissio...
Oracle Application Server Release 1.0.2.0.1
Oracle Oracle8i 8.1.7 R3
NA
CVE-2006-6697
CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and previous versions, including 9.0.2, allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter.
Oracle Application Server Portal 10g
Oracle Application Server Portal 9.0.2
1 EDB exploit
NA
CVE-2012-3152
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote malicious users to affect confidentiality and integrity via unknown vectors related to Report Server Component. NOTE: the previous inform...
Oracle Fusion Middleware 11.1.1.6.0
Oracle Fusion Middleware 11.1.2.0
Oracle Fusion Middleware 11.1.1.4.0
2 EDB exploits
4 Github repositories
NA
CVE-2010-3600
Unspecified vulnerability in the Client System Analyzer component in Oracle Database Server 11.1.0.7 and 11.2.0.1 and Enterprise Manager Grid Control 10.2.0.5 allows remote malicious users to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previ...
Oracle Database Server 11.2.0.1
Oracle Enterprise Manager Grid Control 10.2.0.5
Oracle Database Server 11.1.0.7
1 EDB exploit