CVE-2015-4742
https://notcve.org/view.php?id=CVE-2015-4742
Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.2.4.0, 12.1.2.0.0, and 12.1.3.0.0 allows remote attackers to affect availability via vectors related to ADF Faces. Vulnerabilidad no especificada en el componente Oracle JDeveloper en Oracle Fusion Middleware 11.1.1.7.0, 11.1.2.4.0, 12.1.2.0.0 y 12.1.3.0.0, permite a atacantes remotos afectar la disponibilidad a través de vectores relacionados con ADF Faces. • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html •
CVE-2015-4747
https://notcve.org/view.php?id=CVE-2015-4747
Unspecified vulnerability in the Oracle Event Processing component in Oracle Fusion Middleware 11.1.1.7 and 12.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CEP system. Vulnerabilidad no especificada en el componente Oracle Event Processing en Oracle Fusion Middleware 11.1.1.7 y 12.1.3.0, permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores relacionados con CEP system. • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html •
CVE-2015-2623
https://notcve.org/view.php?id=CVE-2015-2623
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2, and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, 12.1.2.0, and 12.1.3.0, allows remote attackers to affect integrity via unknown vectors related to Java Server Faces. Vulnerabilidad no especificada en el componente Oracle GlassFish Server en Oracle Fusion Middleware 3.0.1 y 3.1.2, y en el componente Oracle WebLogic Server en Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, 12.1.2.0 y 12.1.3.0, permite a atacantes remotos afectar la integridad a través de vectores desconocidos relacionados con Java Server Faces. • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securitytracker.com/id/1032953 •
CVE-2015-2636
https://notcve.org/view.php?id=CVE-2015-2636
Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Data Quality based on Trillium, a different vulnerability than CVE-2015-0443, CVE-2015-0444, CVE-2015-0445, CVE-2015-0446, CVE-2015-2634, CVE-2015-2635, CVE-2015-4758, and CVE-2015-4759. Vulnerabilidad no especificada en el componente Oracle Data Integrator en Oracle Fusion Middleware 11.1.1.3.0, permite a atacantes remotos afectar la confidencialidad, integridad, y disponibilidad a través de vectores desconocidos relacionados con Data Quality basados en Trillium, una vulnerabilidad diferente a CVE-2015-0443, CVE-2015-0444, CVE-2015-0445, CVE-2015-0446, CVE-2015-2634, CVE-2015-2635, CVE-2015-4758, y CVE-2015-4759. • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html •
CVE-2015-4745 – Oracle Endeca Information Discovery Integrator ETL Server File Download Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-4745
Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than CVE-2015-2602, CVE-2015-2603, CVE-2015-2604, CVE-2015-2605, and CVE-2015-2606. Vulnerabilidad no especificada en el componente Oracle Endeca Information Discovery Studio en Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0 y 3.1, permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con Integrator, una vulnerabilidad diferente a CVE-2015-2602, CVE-2015-2603, CVE-2015-2604, CVE-2015-2605 y CVE-2015-2606. This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Oracle Endeca Information Discovery. Authentication is required to exploit this vulnerability but an authentication bypass is known. The specific flaw exists within the handling of file downloads. The issue lies in the failure to sanitize the path of files to be downloaded. • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securityfocus.com/bid/75750 http://www.zerodayinitiative.com/advisories/ZDI-15-357 •