Red-Database-Security GmbH is specialized in Oracle Security
Cross-Site-Scripting Vulnerability in Oracle Secure Enterprise Search (SES)
Details
Oracle Secure Enterprise Search 10g, a standalone product from Oracle, enables a secure, high quality, easy-to-use search across all enterprise information assets. The parameter EXPTYPE in boundary_rules.jsp contains a cross site scripting vulnerability.

Exploit
http://www.red-database-security.com:7777/search/admin/sources/boundary_rules.jsp?event=deleteIncludeRule&p_src=web&p_mode=edit&p_id=3&pattern=www.red-database-security.com&expType=%3Cscript%3Ealert(document.cookie)%3C/script%3ECC_SIMPLE_INCLUSION'

Affected Products
Oracle Enterprise Search <10.1.8

Patch Information
Please upgrade to the latest version of SES or apply CPU April 2007.

History
05-Apr-2005 Oracle secalert was informed
06-Apr-2005 Bug confirmed
17-apr-2007 Oracle published CPU April 2007
17-apr-2007 Red-Database-Security published this advisory

© 2007 by Red-Database-Security GmbH - last update 17-apr-2007
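A log-review check for the request pattern described in this advisory, added here as an example; it is not part of the original advisory and is not Oracle code. It assumes legitimate expType values are plain identifiers like the CC_SIMPLE_INCLUSION token in the URL above; the log lines and the /search/other.jsp path are constructed.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate expType values are plain identifiers such as the
# CC_SIMPLE_INCLUSION token visible in the advisory's URL.
TOKEN = re.compile(r"[A-Za-z0-9_]{1,64}")
TARGET = "/search/admin/sources/boundary_rules.jsp"
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def exptype_values(request_target):
    """Decoded expType values if the request hits the affected page."""
    parts = urlsplit(request_target)
    if parts.path.lower() != TARGET:
        return []
    query = parse_qs(parts.query)  # percent-decodes the values
    # Match the parameter name case-insensitively (EXPTYPE / expType).
    return [v for k, vals in query.items() if k.lower() == "exptype" for v in vals]

def suspicious(request_target):
    """True when any expType value is not a plain identifier token."""
    return any(not TOKEN.fullmatch(v) for v in exptype_values(request_target))

def encode_for_html(value):
    """Output encoding a page has to apply before echoing the value."""
    return html.escape(value, quote=True)

# Constructed access-log lines (common log format), not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - admin [17/Apr/2007:10:00:01 +0200] "GET /search/admin/sources/boundary_rules.jsp?event=deleteIncludeRule&p_id=3&expType=CC_SIMPLE_INCLUSION HTTP/1.1" 200 5120',
    '10.0.0.9 - admin [17/Apr/2007:10:02:13 +0200] "GET /search/admin/sources/boundary_rules.jsp?event=deleteIncludeRule&p_id=3&expType=%3Cscript%3Ealert(document.cookie)%3C/script%3ECC_SIMPLE_INCLUSION HTTP/1.1" 200 5188',
    '10.0.0.7 - - [17/Apr/2007:10:03:40 +0200] "GET /search/other.jsp?q=%3Cb%3E HTTP/1.1" 200 900',
]

def flagged_lines(lines):
    """Indexes of log lines whose request carries a suspicious expType."""
    hits = []
    for i, line in enumerate(lines):
        m = REQUEST.search(line)
        if m and suspicious(m.group(1)):
            hits.append(i)
    return hits

if __name__ == "__main__":
    for i in flagged_lines(SAMPLE_LOG):
        print("suspicious expType:", SAMPLE_LOG[i])
```

A hit in the logs of an unpatched installation means an administrator's browser may have rendered the injected markup; the durable fix remains the upgrade or CPU April 2007.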