CVE-2012-3152 – Oracle Fusion Middleware Unspecified Vulnerability
https://notcve.org/view.php?id=CVE-2012-3152
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Report Server Component. NOTE: the previous information is from the October 2012 CPU. Oracle has not commented on claims from the original researcher that the URLPARAMETER functionality allows remote attackers to read and upload arbitrary files to reports/rwservlet, and that this issue occurs in earlier versions. NOTE: this can be leveraged with CVE-2012-3153 to execute arbitrary code by uploading a .jsp file. Vulnerabilidad no especificada en el componente de Oracle Reports Developer de Oracle Fusion Middleware v11.1.1.4, v11.1.1.6 y v11.1.2.0 permite a atacantes remotos afectar a la confidencialidad y la integridad a través de vectores desconocidos relacionados con Report Server Component. • https://www.exploit-db.com/exploits/31253 https://www.exploit-db.com/exploits/31737 http://blog.netinfiltration.com/2013/11/03/oracle-reports-cve-2012-3152-and-cve-2012-3153 http://blog.netinfiltration.com/2014/01/19/upcoming-exploit-release-oracle-forms-and-reports-11g http://seclists.org/fulldisclosure/2014/Jan/186 http://www.exploit-db.com/exploits/31253 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuoct2012-151 •
CVE-2012-3153 – Oracle Forms and Reports 11.1 - Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2012-3153
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Servlet. NOTE: the previous information is from the October 2012 CPU. Oracle has not commented on claims from the original researcher that the PARSEQUERY function allows remote attackers to obtain database credentials via reports/rwservlet/parsequery, and that this issue occurs in earlier versions. NOTE: this can be leveraged with CVE-2012-3152 to execute arbitrary code by uploading a .jsp file. Vulnerabilidad no especificada en el componente de Oracle Reports Developer de Oracle Fusion Middleware v11.1.1.4, v11.1.1.6 y v11.1.2.0 permite a atacantes remotos afectar a la confidencialidad y la integridad a través de vectores desconocidos relacionados con Servlet. • https://www.exploit-db.com/exploits/31253 http://blog.netinfiltration.com/2013/11/03/oracle-reports-cve-2012-3152-and-cve-2012-3153 http://blog.netinfiltration.com/2014/01/19/upcoming-exploit-release-oracle-forms-and-reports-11g http://seclists.org/fulldisclosure/2014/Jan/186 http://www.exploit-db.com/exploits/31253 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html http://www.securityfocus.com/bid/ •
CVE-2012-3135
https://notcve.org/view.php?id=CVE-2012-3135
Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware 28.2.3 and before, and 27.7.2 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Vulnerabilidad no especificada en el componente de Oracle JRockit en Oracle Fusion Middleware v28.2.3 y anteriores, y v27.7.2 y versiones anteriores, permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos. • http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html http://www.securityfocus.com/bid/54494 http://www.securitytracker.com/id?1027264 https://exchange.xforce.ibmcloud.com/vulnerabilities/76993 •
CVE-2011-3562
https://notcve.org/view.php?id=CVE-2011-3562
Unspecified vulnerability in the Portal component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect integrity via unknown vectors. Vulnerabilidad no especificada en el componente Portal en Oracle Fusion Middleware v11.1.1.5, v11.1.1.6 y v11.1.2.0, permite a atacantes remotos afectar a la integridad a través de vectores desconocidos. • http://osvdb.org/83952 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html http://www.securitytracker.com/id?1027264 https://exchange.xforce.ibmcloud.com/vulnerabilities/76998 •
CVE-2012-1695
https://notcve.org/view.php?id=CVE-2012-1695
Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware 28.2.2 and earlier, and JDK/JRE 5 and 6 27.7.1 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Vulnerabilidad no especificada en el componente Oracle JRockit en Oracle Fusion Middleware v28.2.2 y anteriores, y JDK/JRE 5 y 6 27.7.1 y anteriores permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través de vectores no especificados. • http://secunia.com/advisories/48864 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html http://www.securitytracker.com/id?1026948 https://www.oracle.com/security-alerts/cpujan2020.html •