Description
Unspecified vulnerability in the OPMN component in Oracle Application Server 10.1.2.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is a format string vulnerability that allows remote attackers to execute arbitrary code via format string specifiers in an HTTP POST URI, which are not properly handled when logging to opmn/logs/opmn.log.
Remediation
References
Related Vulnerabilities
SharePoint CVE-2024-43466 Vulnerability (CVE-2024-43466)
Dolibarr Improper Authentication Vulnerability (CVE-2020-7995)
WordPress Plugin Design Approval System Cross-Site Scripting (3.6)
phpMyAdmin CVE-2016-6633 Vulnerability (CVE-2016-6633)
WordPress Plugin FormGet Contact Form Cross-Site Scripting (5.3)