CVE-2013-0397 – Oracle Application Framework - Diagnostic Mode Bypass
https://notcve.org/view.php?id=CVE-2013-0397
Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Diagnostics. Una vulnerabilidad no especificada en el componente Oracle Applications Framework en Oracle E-Business Suite v11.5.10.2, v12.0.6 y v12.1.3 permite a atacantes remotos afectar la confidencialidad y la integridad a través de vectores desconocidos relacionados con "Diagnostics". The Oracle Application Framework supports diagnostic and developer mode features that are intended to be enabled from developer or administrative interfaces. However, any user can manually enable the modes by setting the "OADiagnostic" or "OADeveloperMode" cookies to "1". Versions affected include 11.5.10.2, 12.0.6, and 12.1.3. • https://www.exploit-db.com/exploits/24158 http://marc.info/?l=bugtraq&m=139344343412337&w=2 http://secunia.com/advisories/57126 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html •
CVE-2012-3222
https://notcve.org/view.php?id=CVE-2012-3222
Unspecified vulnerability in the Oracle iRecruitment component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect availability via unknown vectors related to Signon. vulnerabilidad no específica en el componente Oracle iRecruitment en Oracle E-Business Suite v11.5.10.2, v12.0.6, v12.1.1, v12.1.2, y 12.1.3 permite a atacantes remotos afectar a la disponibilidad a través de vectores relacionados con Sigon. • http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html •
CVE-2012-5058
https://notcve.org/view.php?id=CVE-2012-5058
Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to the Web interface. Vulnerabilidad no especificada en el componente Oracle iStore en Oracle E-Business Suite v11.5.10.2, v12.0.6, v12.1.1, v12.1.2, y v12.1.3 permite a atacantes remotos afectar la integridad a través de vectores desconocidos relacionados con la interfaz web. • http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html •
CVE-2012-3196
https://notcve.org/view.php?id=CVE-2012-3196
Unspecified vulnerability in the Oracle Human Resources component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and availability, related to PDF generation. Vulnerabilidad no especificada en el componente Oracle Human Resources en Oracle E-Business Suite v11.5.10.2, v12.0.6, v12.1.1, v12.1.2, y v12.1.3 permite a atacantes remotos para afectar a la confidencialidad y la disponibilidad, en relación a la generación de PDF. • http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html •
CVE-2012-3164
https://notcve.org/view.php?id=CVE-2012-3164
Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Publish Item. Vulnerabilidad no especificada en el componente Oracle Marketing component en Oracle E-Business Suite v11.5.10.2, v12.0.6, v12.1.1, v12.1.2, y v12.1.3 permite a usuarios remotos autenticados a afectar la integridad a través de vectores desconocidos relacionados con Publish Item. • http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html •