CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2011-3568
https://notcve.org/view.php?id=CVE-2011-3568
Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Web Services Security. Vulnerabilidad no especificada en el componente Oracle Web Services Manager de Oracle Fusion Middleware v11.1.1.3, v11.1.1.4, y v11.1.1.5 permite a usuarios remotos autenticados afectar a la confidencialidad y a la integridad de los datos a través de vectores desconocidos relacionados con los servicios de seguridad Web. • http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2011-3531
https://notcve.org/view.php?id=CVE-2011-3531
Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote attackers to affect availability via unknown vectors related to Web Services Security. Una vulnerabilidad no especificada en el componente Oracle Web Services Manager en Oracle Fusion Middleware v11.1.1.3, v11.1.1.4 y v11.1.1.5 permite a atacantes remotos afectar a la disponibilidad de la información a través de vectores desconocidos relacionados con los sevicios de seguridad Web (Web Security Services). • http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2011-3510
https://notcve.org/view.php?id=CVE-2011-3510
Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.3.0 and 11.1.1.5.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to BI Platform Security. Vulnerabilidad sin especificar en el componente de Oracle Business Enterprise Edition Inteligencia en Oracle Fusion Middleware v11.1.1.3.0 y v11.1.1.5.0 permite a usuarios remotos autenticados afectar a la confidencialidad y la integridad a través de vectores desconocidos relacionados con la Plataforma de seguridad de BI. • http://osvdb.org/76487 http://secunia.com/advisories/46517 http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html http://www.securityfocus.com/bid/50213 https://exchange.xforce.ibmcloud.com/vulnerabilities/70788 •
CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 0CVE-2011-0884
https://notcve.org/view.php?id=CVE-2011-0884
Unspecified vulnerability in the Oracle BPEL Process Manager component in Oracle Fusion Middleware 11.1.1.3.0, 11.1.1.4.0, and 11.1.1.5.0 allows remote authenticated users to affect availability, related to BPEL Console. Vulnerabilidad no especificada en el componente Oracle BPEL Process Manager de Oracle Fusion Middleware v11.1.1.3.0, v11.1.1.4.0, v11.1.1.5.0 y permite a usuarios remotos autenticados afectar a la disponibilidad, en relación con la consola de BPEL. • http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html http://www.us-cert.gov/cas/techalerts/TA11-201A.html •
CVSS: 7.5EPSS: 2%CPEs: 14EXPL: 5CVE-2010-1622 – Spring Framework - Arbitrary code Execution
https://notcve.org/view.php?id=CVE-2010-1622
SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar file. SpringSource Spring Framework v2.5.x anteriores a v2.5.6.SEC02, v2.5.7 anteriores a v2.5.7.SR01, y v3.0.x anteriores a v3.0.3 permite a atacantes remotos ejecutar código arbitrario a través de una petición HTTP que contenga class.classLoader.URLs[0]=jar: seguida por una URL de un fichero .jar modificado. • https://www.exploit-db.com/exploits/13918 https://github.com/HandsomeCat00/Spring-CVE-2010-1622 http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html http://geronimo.apache.org/21x-security-report.html http://geronimo.apache.org/22x-security-report.html http://secunia.com/advisories/41016 http://secunia.com/advisories/41025 http://secunia.com/advisories/43087 http://www.exploit-db.com/exploits/13918 http://www.oracle.com/technetwork/topics/security/cpuoct2015-236 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') •