CVE-2011-0884
https://notcve.org/view.php?id=CVE-2011-0884
Unspecified vulnerability in the Oracle BPEL Process Manager component in Oracle Fusion Middleware 11.1.1.3.0, 11.1.1.4.0, and 11.1.1.5.0 allows remote authenticated users to affect availability, related to BPEL Console. Vulnerabilidad no especificada en el componente Oracle BPEL Process Manager de Oracle Fusion Middleware v11.1.1.3.0, v11.1.1.4.0, v11.1.1.5.0 y permite a usuarios remotos autenticados afectar a la disponibilidad, en relación con la consola de BPEL. • http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html http://www.us-cert.gov/cas/techalerts/TA11-201A.html •
CVE-2011-0785
https://notcve.org/view.php?id=CVE-2011-0785
Unspecified vulnerability in the Oracle Help component in Oracle Database Server 11.1.0.7, 11.2.0.1, 11.2.0.2, 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, and 10.1.0.5; and Oracle Fusion Middleware 11.1.1.2.0, 11.1.1.3.0, and 11.1.1.4.0 allows remote attackers to affect integrity via unknown vectors. Vulnerabilidad sin especificar en el componente de ayuda de Oracle del servidor de bases de datos Oracle 11.1.0.7, 11.2.0.1, 11.2.0.2, 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5 y 10.1.0.5; y Oracle Fusion Middleware 11.1.1.2.0, 11.1.1.3.0 y 11.1.1.4.0. Permite a atacantes remotos vulnerar la integridad a través de vectores de ataque desconocidos. • http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html •
CVE-2010-1622 – Spring Framework - Arbitrary code Execution
https://notcve.org/view.php?id=CVE-2010-1622
SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar file. SpringSource Spring Framework v2.5.x anteriores a v2.5.6.SEC02, v2.5.7 anteriores a v2.5.7.SR01, y v3.0.x anteriores a v3.0.3 permite a atacantes remotos ejecutar código arbitrario a través de una petición HTTP que contenga class.classLoader.URLs[0]=jar: seguida por una URL de un fichero .jar modificado. • https://www.exploit-db.com/exploits/13918 https://github.com/HandsomeCat00/Spring-CVE-2010-1622 http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html http://geronimo.apache.org/21x-security-report.html http://geronimo.apache.org/22x-security-report.html http://secunia.com/advisories/41016 http://secunia.com/advisories/41025 http://secunia.com/advisories/43087 http://www.exploit-db.com/exploits/13918 http://www.oracle.com/technetwork/topics/security/cpuoct2015-236 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') •