Portal
CVEs (19)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-1181 | Hig | 0.47 | 8.1 | 0.11 | Jul 4, 2016 | ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to… | ||
| CVE-2006-6697 | 0.06 | — | 0.38 | Dec 22, 2006 | CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter. | |||
| CVE-2007-1506 | 0.04 | — | 0.15 | Mar 19, 2007 | Cross-site scripting (XSS) vulnerability in PORTAL.wwv_main.render_warning_screen in the Oracle Portal 10g allows remote attackers to inject arbitrary web script or HTML via the (1) p_oldurl and (2) p_newurl parameters. | |||
| CVE-2006-6703 | 0.04 | — | 0.14 | Dec 23, 2006 | Multiple cross-site scripting (XSS) vulnerabilities in Oracle Portal 9i and 10g allow remote attackers to inject arbitrary JavaScript via the tc parameter in webapp/jsp/container_tabs.jsp, and other unspecified vectors. | |||
| CVE-2009-0457 | 0.03 | — | 0.03 | Feb 10, 2009 | Multiple directory traversal vulnerabilities in AJA Portal 1.2 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the currentlang parameter to admin/case.php in the (1) Contact_Plus and (2) Reviews modules, and (3) the… | |||
| CVE-2008-5132 | 0.03 | — | 0.01 | Nov 18, 2008 | SQL injection vulnerability in inc/ajax/ajax_rating.php in MemHT Portal 4.0.1 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header. | |||
| CVE-2008-4164 | 0.03 | — | 0.05 | Sep 22, 2008 | cron.php in MemHT Portal 3.9.0 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message. | |||
| CVE-2008-3495 | 0.03 | — | 0.00 | Aug 6, 2008 | SQL injection vulnerability in kategori.asp in Pcshey Portal allows remote attackers to execute arbitrary SQL commands via the kid parameter. | |||
| CVE-2007-3629 | 0.03 | — | 0.01 | Jul 9, 2007 | SQL injection vulnerability in oku.asp in Levent Veysi Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||
| CVE-2006-6793 | 0.03 | — | 0.01 | Dec 28, 2006 | PHP remote file inclusion vulnerability in ataturk.php in Okul Merkezi Portal 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||
| CVE-2014-0374 | 0.00 | — | 0.01 | Jan 15, 2014 | Unspecified vulnerability in the Oracle Portal component in Oracle Fusion Middleware 11.1.1.6 allows remote attackers to affect integrity via unknown vectors related to Page Parameters and Events. | |||
| CVE-2013-3761 | 0.00 | — | 0.00 | Jul 17, 2013 | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products Portal 9.1 and PeopleTools 8.52 allows remote attackers to affect integrity via vectors related to PIA Core Technology. | |||
| CVE-2008-5438 | 0.00 | — | 0.00 | Jan 14, 2009 | Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors. | |||
| CVE-2008-3977 | 0.00 | — | 0.00 | Oct 14, 2008 | Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3 and 10.1.2.3 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2008-3975. | |||
| CVE-2008-2593 | 0.00 | — | 0.01 | Jul 15, 2008 | Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-2594. | |||
| CVE-2008-1825 | 0.00 | — | 0.01 | Apr 16, 2008 | Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3 has unknown impact and remote attack vectors, aka AS03. | |||
| CVE-2007-5522 | 0.00 | — | 0.01 | Oct 17, 2007 | Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.4.1 has unknown impact and remote attack vectors, aka AS07. | |||
| CVE-2007-5519 | 0.00 | — | 0.01 | Oct 17, 2007 | Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3 and 10.1.2.0.2, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors, aka AS04. | |||
| CVE-2006-6699 | 0.00 | — | 0.00 | Dec 23, 2006 | Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and possibly other versions allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter to (1) calendarDialog.jsp or (2) fred.jsp. … |
- risk 0.47cvss 8.1epss 0.11
ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to…
- CVE-2006-6697Dec 22, 2006risk 0.06cvss —epss 0.38
CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter.
- CVE-2007-1506Mar 19, 2007risk 0.04cvss —epss 0.15
Cross-site scripting (XSS) vulnerability in PORTAL.wwv_main.render_warning_screen in the Oracle Portal 10g allows remote attackers to inject arbitrary web script or HTML via the (1) p_oldurl and (2) p_newurl parameters.
- CVE-2006-6703Dec 23, 2006risk 0.04cvss —epss 0.14
Multiple cross-site scripting (XSS) vulnerabilities in Oracle Portal 9i and 10g allow remote attackers to inject arbitrary JavaScript via the tc parameter in webapp/jsp/container_tabs.jsp, and other unspecified vectors.
- CVE-2009-0457Feb 10, 2009risk 0.03cvss —epss 0.03
Multiple directory traversal vulnerabilities in AJA Portal 1.2 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the currentlang parameter to admin/case.php in the (1) Contact_Plus and (2) Reviews modules, and (3) the…
- CVE-2008-5132Nov 18, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in inc/ajax/ajax_rating.php in MemHT Portal 4.0.1 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header.
- CVE-2008-4164Sep 22, 2008risk 0.03cvss —epss 0.05
cron.php in MemHT Portal 3.9.0 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.
- CVE-2008-3495Aug 6, 2008risk 0.03cvss —epss 0.00
SQL injection vulnerability in kategori.asp in Pcshey Portal allows remote attackers to execute arbitrary SQL commands via the kid parameter.
- CVE-2007-3629Jul 9, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in oku.asp in Levent Veysi Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
- CVE-2006-6793Dec 28, 2006risk 0.03cvss —epss 0.01
PHP remote file inclusion vulnerability in ataturk.php in Okul Merkezi Portal 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
- CVE-2014-0374Jan 15, 2014risk 0.00cvss —epss 0.01
Unspecified vulnerability in the Oracle Portal component in Oracle Fusion Middleware 11.1.1.6 allows remote attackers to affect integrity via unknown vectors related to Page Parameters and Events.
- CVE-2013-3761Jul 17, 2013risk 0.00cvss —epss 0.00
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products Portal 9.1 and PeopleTools 8.52 allows remote attackers to affect integrity via vectors related to PIA Core Technology.
- CVE-2008-5438Jan 14, 2009risk 0.00cvss —epss 0.00
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors.
- CVE-2008-3977Oct 14, 2008risk 0.00cvss —epss 0.00
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3 and 10.1.2.3 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2008-3975.
- CVE-2008-2593Jul 15, 2008risk 0.00cvss —epss 0.01
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-2594.
- CVE-2008-1825Apr 16, 2008risk 0.00cvss —epss 0.01
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3 has unknown impact and remote attack vectors, aka AS03.
- CVE-2007-5522Oct 17, 2007risk 0.00cvss —epss 0.01
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.4.1 has unknown impact and remote attack vectors, aka AS07.
- CVE-2007-5519Oct 17, 2007risk 0.00cvss —epss 0.01
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3 and 10.1.2.0.2, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors, aka AS04.
- CVE-2006-6699Dec 23, 2006risk 0.00cvss —epss 0.00
Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and possibly other versions allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter to (1) calendarDialog.jsp or (2) fred.jsp. …