The Oracle Application Framework supports diagnostic and developer mode features that are intended to be enabled from developer or administrative interfaces. However, any user can manually enable the modes by setting the "OADiagnostic" or "OADeveloperMode" cookies to "1". Versions affected include 11.5.10.2, 12.0.6, and 12.1.3.
593d275e9cad209f5d011018dd31b2516f2313f9799e0b9003a957d008d05c0b
Grendel-Scan is an open-source web application security testing tool. It has an automated testing module for detecting common web application vulnerabilities, and features geared at aiding manual penetration tests.
f0e88e81fc5d68b909dc6c52a69acd37b6a4d7db0c5e3ae8845fea7fb37b770c
When running in proxy mode, properly crafted requests sent to Finjan SurfinGate versions 6 and 7 can mimic control commands. Known vulnerabilities include viewing log data and causing the service to restart, potentially resulting in a DoS situation. The architecture for this application suggests there is a potential for modifying the filtering policy as well. The vendor has ignored the problem for over a year.
572f4e17a711d98d530166340377eea87699bc44b226915bbaab6ea14b6fba74