CVE-2014-2415 – Oracle Data Quality PostcardPreviewInt onclose Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-2415
Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Data Quality, a different vulnerability than CVE-2014-2407, CVE-2014-2416, CVE-2014-2417, and CVE-2014-2418. Vulnerabilidad no especificada en el componente Oracle Data Integrator en Oracle Fusion Middleware 11.1.1.3.0 permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con Data Quality, una vulnerabilidad diferente a CVE-2014-2407, CVE-2014-2416, CVE-2014-2417 y CVE-2014-2418. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Data Quality. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the TSS12.TransformerTools.PostcardPreviewInt ActiveX control. The issue lies in the ability to dereference arbitrary pointers from JavaScript. • http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html •
CVE-2014-2416 – Oracle Data Quality DateTimeWrapper onchange Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-2416
Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Data Quality, a different vulnerability than CVE-2014-2407, CVE-2014-2415, CVE-2014-2417, and CVE-2014-2418. Vulnerabilidad no especificada en el componente Oracle Data Integrator en Oracle Fusion Middleware 11.1.1.3.0 permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con Data Quality, una vulnerabilidad diferente a CVE-2014-2407, CVE-2014-2415, CVE-2014-2417 y CVE-2014-2418. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Data Quality. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the TSS12.DscForms.DateTimeWrapper ActiveX control. The issue lies in the ability to dereference arbitrary pointers from JavaScript. • http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html •
CVE-2014-2417 – Oracle Data Quality DscXB onloadstatechange Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-2417
Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Data Quality, a different vulnerability than CVE-2014-2407, CVE-2014-2415, CVE-2014-2416, and CVE-2014-2418. Vulnerabilidad no especificada en el componente Oracle Data Integrator en Oracle Fusion Middleware 11.1.1.3.0 permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con Data Quality, una vulnerabilidad diferente a CVE-2014-2407, CVE-2014-2415, CVE-2014-2416 y CVE-2014-2418. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Data Quality. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the TSS12.DscXB.XB ActiveX control. The issue lies in the ability to dereference arbitrary pointers from JavaScript. • http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html •
CVE-2014-2418 – Oracle Data Quality FileChooserDlg onChangeDirectory Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-2418
Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Data Quality, a different vulnerability than CVE-2014-2407, CVE-2014-2415, CVE-2014-2416, and CVE-2014-2417. Vulnerabilidad no especificada en el componente Oracle Data Integrator en Oracle Fusion Middleware 11.1.1.3.0 permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con Data Quality, una vulnerabilidad diferente a CVE-2014-2407, CVE-2014-2415, CVE-2014-2416 y CVE-2014-2417. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Data Quality. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the TSS12.DscTools.FileChooserDlg ActiveX control. The issue lies in the ability to dereference arbitrary pointers from JavaScript. • http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html •
CVE-2014-2424 – Oracle Event Processing FileUploadServlet Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-2424
Unspecified vulnerability in the Oracle Event Processing component in Oracle Fusion Middleware 11.1.1.7.0 allows remote authenticated users to affect integrity via vectors related to CEP system. Vulnerabilidad no especificada en el componente Oracle Event Processing en Oracle Fusion Middleware 11.1.1.7.0 permite a los usuarios remotos autenticados afectar a la integridad a través de vectores relacionados con CEP system. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Event Processing. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FileUploadServlet class. The class contains a method that does not properly sanitize input allowing for directory traversal. • https://www.exploit-db.com/exploits/33989 http://packetstormsecurity.com/files/127365/Oracle-Event-Processing-FileUploadServlet-Arbitrary-File-Upload.html http://www.exploit-db.com/exploits/33989 http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html http://www.osvdb.org/105844 http://www.securityfocus.com/bid/66871 •