| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 23 Oct 2006 18:51:48 +0200 From: "Alexander Kornbrust" <ak@...-database-security.com> To: <full-disclosure@...ts.grok.org.uk> Subject: Various Cross-Site-Scripting Vulnerabilities in Oracle Reports Name Various Cross-Site-Scripting Vulnerabilities in Oracle Reports [REP01], [REP02] Severity Low Risk Category Cross Site Scripting (CSS/XSS) Vendor URL http://www.oracle.com/ Author Alexander Kornbrust (ak at red-database-security.com) Date 18 July 2006 (V 1.0) Advisory http://www.red-database-security.com/advisory/oracle_reports_css.html Details ####### The Oracle Reports parameters showenv [REP01], parsequery [REP01], cellwrapper [REP02] and delimiter [REP02] are vulnerable against Cross-Site-Scripting. Affected Products ################# Internet Application Server Oracle Application Server Oracle Developer Suite Patch Information ################# Apply Oracle Critical Patch Update October 2006 (CPU July 2006). History ####### 28-aug-2003 Oracle secalert was informed 29-aug-2003 Bug confirmed 17-oct-2006 Oracle published CPU October 2006 18-oct-2006 Red-Database-Security published this advisory Additional Information ###################### An analysis of the Oracle CPU Oct 2006 is available here http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists