CVSS: 4.9EPSS: 0%CPEs: 11EXPL: 1CVE-2012-3183 – Oracle WebCenter Sites (FatWire Content Server) - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-3183
Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Advanced UI, a different vulnerability than CVE-2012-3185 and CVE-2012-3186. Vulnerabilidad no especificada en el componente Oracle WebCenter Sites en Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2 y 11.1.1.6.0 permite a usuarios remotos autenticados afectar la confidencialidad y la integridad a través de vectores desconocidos relacionados con Advanced UI, una vulnerabilidad diferente a CVE-2012-3185 y CVE-2012-3186. Oracle WebCenter Sites (formerly FatWire Content Server) suffers from remote SQL injection, cross site scripting, cross site request forgery, and authorization vulnerabilities. • https://www.exploit-db.com/exploits/22041 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html •
CVSS: 4.9EPSS: 0%CPEs: 11EXPL: 1CVE-2012-3185 – Oracle WebCenter Sites (FatWire Content Server) - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-3185
Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Advanced UI, a different vulnerability than CVE-2012-3183 and CVE-2012-3186. Vulnerabilidad no especificada en el componente Oracle WebCenter Sites en Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2 y 11.1.1.6.0 permite a usuarios remotos autenticados afectar la confidencialidad y la integridad a través de vectores desconocidos relacionado con Advanced UI, una vulnerabilidad diferente a CVE-2012-3183 y CVE-2012-3186. Oracle WebCenter Sites (formerly FatWire Content Server) suffers from remote SQL injection, cross site scripting, cross site request forgery, and authorization vulnerabilities. • https://www.exploit-db.com/exploits/22041 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html •
CVSS: 3.5EPSS: 0%CPEs: 4EXPL: 0CVE-2012-3193
https://notcve.org/view.php?id=CVE-2012-3193
Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 10.3.4.2, 11.1.1.5.0, 11.1.1.6.0, and 11.1.1.6.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Administration. Vulnerabilidad no especificada en el componente Oracle BI Publisher de Oracle Fusion Middleware v10.1.3.4.2, v11.1.1.5.0, v11.1.1.6.0, v11.1.1.6.2, permite a atacantes remotos afectar la confidencialidad a través de vectores desconocidos relacionados con la Administration. • http://osvdb.org/86390 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2012-3194
https://notcve.org/view.php?id=CVE-2012-3194
Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 10.1.3.4.2, 11.1.1.5.0, 11.1.1.6.0, and 11.1.1.6.2 allows remote attackers to affect integrity via unknown vectors related to Administration. Vulnerabilidad no especificada en el componente Oracle BI Publisher de Oracle Fusion Middleware v10.1.3.4.2, v11.1.1.5.0, v11.1.1.6.0, v11.1.1.6.2, permite a atacantes remotos afectar la integridad a través de vectores desconocidos relacionados con la Administration. • http://osvdb.org/86391 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html •
CVSS: 6.4EPSS: 97%CPEs: 3EXPL: 3CVE-2012-3152 – Oracle Fusion Middleware Unspecified Vulnerability
https://notcve.org/view.php?id=CVE-2012-3152
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Report Server Component. NOTE: the previous information is from the October 2012 CPU. Oracle has not commented on claims from the original researcher that the URLPARAMETER functionality allows remote attackers to read and upload arbitrary files to reports/rwservlet, and that this issue occurs in earlier versions. NOTE: this can be leveraged with CVE-2012-3153 to execute arbitrary code by uploading a .jsp file. Vulnerabilidad no especificada en el componente de Oracle Reports Developer de Oracle Fusion Middleware v11.1.1.4, v11.1.1.6 y v11.1.2.0 permite a atacantes remotos afectar a la confidencialidad y la integridad a través de vectores desconocidos relacionados con Report Server Component. • https://www.exploit-db.com/exploits/31253 https://www.exploit-db.com/exploits/31737 http://blog.netinfiltration.com/2013/11/03/oracle-reports-cve-2012-3152-and-cve-2012-3153 http://blog.netinfiltration.com/2014/01/19/upcoming-exploit-release-oracle-forms-and-reports-11g http://seclists.org/fulldisclosure/2014/Jan/186 http://www.exploit-db.com/exploits/31253 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuoct2012-151 •