CVSS: 3.5EPSS: 3%CPEs: 4EXPL: 1CVE-2013-3803 – Oracle Hyperion 11 - Directory Traversal
https://notcve.org/view.php?id=CVE-2013-3803
Unspecified vulnerability in the Hyperion BI+ component in Oracle Hyperion 11.1.1.3, 11.1.1.4.107 and earlier, 11.1.2.1.129 and earlier, and 11.1.2.2.305 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Intelligence Service. Vulnerabilidad sin especificar en el componente Hyperion BI+ en Oracle Hyperion 11.1.1.3, 11.1.1.4.107 y anteriores, 11.1.2.1.129 y anteriores, y 11.1.2.2.305 y anteriores, permite a usuarios autenticados remotamente comprometer la confidencialidad a través de vectores desconocidos relacionados con Intelligence Service. • https://www.exploit-db.com/exploits/27291 http://osvdb.org/95277 http://secunia.com/advisories/54220 http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html http://www.securityfocus.com/bid/61204 http://www.securitytracker.com/id/1028794 https://exchange.xforce.ibmcloud.com/vulnerabilities/85664 •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2012-1714
https://notcve.org/view.php?id=CVE-2012-1714
Unspecified vulnerability in a TList 6 ActiveX control in Oracle Hyperion Financial Management 11.1.1.4 and 11.1.2.1.104 allows remote attackers to execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en un control TList 6 ActiveX en Oracle Hyperion Financial Management v11.1.1.4 y v11.1.2.1.104 permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos. • https://blogs.oracle.com/sunsecurity/entry/cve_2012_1714_tlist_6 •
CVSS: 6.8EPSS: 0%CPEs: 8EXPL: 0CVE-2012-3133
https://notcve.org/view.php?id=CVE-2012-3133
Buffer overflow in the DataDirect ODBC driver, as used in Oracle Hyperion Interactive Reporting 11.1.2.1 and 11.1.2.2, Essbase Server 11.1.2.1 and 11.1.2.2, Production Reporting Server 11.1.2.1 and 11.1.2.2, and Integration Services Server 11.1.2.1 and 11.1.2.2 has unknown impact and attack vectors. Desbordamiento de búfer en el controlador DataDirect ODBC, como se usa en Oracle Hyperion Interactive Reporting v11.1.2.1 and v11.1.2.2, Essbase Server v11.1.2.1 y v11.1.2.2, Production Reporting Server v11.1.2.1 y v11.1.2.2, e Integration Services Server v11.1.2.1 y v11.1.2.2 tiene un impacto y vectores de ataque desconocidos. • https://blogs.oracle.com/sunsecurity/entry/cve_2012_3133_buffer_overflow • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 91%CPEs: 3EXPL: 3CVE-2011-5167 – Oracle Hyperion Strategic Finance 12.x - Tidestone Formula One WorkBook OLE Control TTF16.ocx Remote Heap Overflow
https://notcve.org/view.php?id=CVE-2011-5167
Heap-based buffer overflow in the SetDevNames method of the Tidestone Formula One ActiveX control (TTF16.ocx) 6.3.5 Build 1 in Oracle Hyperion Strategic Finance 12.x and possibly earlier allows remote attackers to execute arbitrary code via a long string to the DriverName parameter. Desbordamiento de búfer basado en memoria dinámica en el método SetDevNames del control ActiveX Tidestone Formula One (TTF16.ocx) v6.3.5 Build 1 en Oracle Hyperion Strategic Finance v12.x y posiblemente anteriores, permite a atacantes remotos ejecutar código arbitrario a través de una cadena larga en el parámetro DriverName. • https://www.exploit-db.com/exploits/18092 http://retrogod.altervista.org/9sg_ttf16.html http://secunia.com/advisories/46764 http://www.exploit-db.com/exploits/18092 http://www.osvdb.org/76913 http://www.saintcorporation.com/cgi-bin/exploit_info/oracle_hyperion_financial_mgmt_activex_heap http://www.securityfocus.com/bid/50565 https://exchange.xforce.ibmcloud.com/vulnerabilities/71163 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2012-1729
https://notcve.org/view.php?id=CVE-2012-1729
Unspecified vulnerability in the Hyperion BI+ component in Oracle Hyperion 11.1.1.3 and earlier allows remote attackers to affect integrity via unknown vectors related to UI and Visualization. Vulnerabilidad no especificada en el componente Hyperion BI + en Oracle Hyperion v11.1.1.3 y anteriores permite a atacantes remotos afectar a la integridad a través de vectores desconocidos relacionados con la interfaz de usuario y visualización. • http://osvdb.org/83953 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html http://www.securityfocus.com/bid/54509 http://www.securitytracker.com/id?1027273 https://exchange.xforce.ibmcloud.com/vulnerabilities/77013 •