VYPR

Portal

by Oracle Corporation

CVEs (16)

  • CVE-2016-1181HigJul 4, 2016
    risk 0.47cvss 8.1epss 0.13

    ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to…

  • CVE-2006-6697Dec 22, 2006
    risk 0.04cvss epss 0.10

    CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter.

  • CVE-2007-1506Mar 19, 2007
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in PORTAL.wwv_main.render_warning_screen in the Oracle Portal 10g allows remote attackers to inject arbitrary web script or HTML via the (1) p_oldurl and (2) p_newurl parameters.

  • CVE-2006-6703Dec 23, 2006
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Oracle Portal 9i and 10g allow remote attackers to inject arbitrary JavaScript via the tc parameter in webapp/jsp/container_tabs.jsp, and other unspecified vectors.

  • CVE-2009-0974Apr 15, 2009
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2009-0983 and CVE-2009-3407.

  • CVE-2008-5438Jan 14, 2009
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors.

  • CVE-2008-3977Oct 14, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3 and 10.1.2.3 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2008-3975.

  • CVE-2008-3975Oct 14, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3 and 10.1.2.3 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2008-3977.

  • CVE-2008-2583Jul 15, 2008
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in the sample Discussion Forum Portlet for the Oracle Portal component in Oracle Application Server, as available from OTN before 20080715, has unknown impact and remote attack vectors.

  • CVE-2008-2594Jul 15, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-2593.

  • CVE-2008-2593Jul 15, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-2594.

  • CVE-2008-2609Jul 15, 2008
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3, 10.1.2.3, and 10.1.4.2 has unknown impact and remote attack vectors.

  • CVE-2008-2589Jul 15, 2008
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3, 10.1.2.2, and 10.1.4.1 has unknown impact and remote attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable…

  • CVE-2008-1825Apr 16, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3 has unknown impact and remote attack vectors, aka AS03.

  • CVE-2007-5517Oct 17, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.0.2 and 10.1.4.1, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors, aka AS02.

  • CVE-2006-6699Dec 23, 2006
    risk 0.00cvss epss 0.01

    Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and possibly other versions allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter to (1) calendarDialog.jsp or (2) fred.jsp. …