BugTraq
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
 
Oracle 10g Dynamic Monitoring Services XSS /servlet/Spy Mar 20 2007 10:14AM
Sea Shark (sead3nx gmail com)
Hi,

Access to http://somesite/servlet/Spy should be restricted. But
generally database or system administrators ignore the hardening of
Oracle apllications or database. I have noticed XSS bug in Dynamic
Monitoring services on Oracle-Application-Server-10g/10.1.2.0.0.

http://somesite/servlet/Spy?fo...

[ more ]  
 

Privacy Statement
Copyright 2010, SecurityFocus