CVE-2015-2606 – Oracle Endeca Information Discovery Integrator ETL Server RenameFile Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-2606
Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than CVE-2015-2602, CVE-2015-2603, CVE-2015-2604, CVE-2015-2605, and CVE-2015-4745. Vulnerabilidad no especificada en el componente Oracle Endeca Information Discovery Studio en Oracle Fusion Middleware de las versiones 2.2.2, 2.3, 2.4, 3.0 y 3.1, permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con Integrator, una vulnerabilidad diferente a CVE-2015-2602, CVE-2015-2603, CVE-2015-2604, CVE-2015-2605 y CVE-2015-4745. This vulnerability allows remote attackers the ability to execute arbitrary code on vulnerable instances of Oracle Endeca Information Discovery. Authentication is required to exploit this vulnerability but an authentication bypass is known. The specific flaw exists in the handling of the RenameFile endpoint. The issue lies in the failure to properly sanitize the path of files. • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securityfocus.com/bid/75758 http://www.zerodayinitiative.com/advisories/ZDI-15-352 •
CVE-2015-4745 – Oracle Endeca Information Discovery Integrator ETL Server File Download Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-4745
Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than CVE-2015-2602, CVE-2015-2603, CVE-2015-2604, CVE-2015-2605, and CVE-2015-2606. Vulnerabilidad no especificada en el componente Oracle Endeca Information Discovery Studio en Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0 y 3.1, permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con Integrator, una vulnerabilidad diferente a CVE-2015-2602, CVE-2015-2603, CVE-2015-2604, CVE-2015-2605 y CVE-2015-2606. This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Oracle Endeca Information Discovery. Authentication is required to exploit this vulnerability but an authentication bypass is known. The specific flaw exists within the handling of file downloads. The issue lies in the failure to sanitize the path of files to be downloaded. • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securityfocus.com/bid/75750 http://www.zerodayinitiative.com/advisories/ZDI-15-357 •
CVE-2015-0396
https://notcve.org/view.php?id=CVE-2015-0396
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Admin Console. Vulnerabilidad no especificada en el componente Oracle GlassFish Server en Oracle Fusion Middleware 3.0.1 y 3.1.2 permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos relacionados con Admin Console. • http://secunia.com/advisories/62480 http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html http://www.securityfocus.com/bid/72121 http://www.securitytracker.com/id/1031570 https://exchange.xforce.ibmcloud.com/vulnerabilities/100073 •
CVE-2013-5816
https://notcve.org/view.php?id=CVE-2013-5816
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2 allows remote attackers to affect availability via unknown vectors related to Metro. Vulnerabilidad no especificada en el componente Oracle GlassFish Server de Oracle Fusion Middleware 2.1.1, 3.0.1 y 3.1.2 permite a atacantes remotos afectar la disponibilidad a través de vectores desconocidos relacionados con Metro. • http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html •
CVE-2013-3827 – Oracle GlassFish Server 2.1.1/3.0.1 - Multiple Subcomponent Resource Identifier Traversal Arbitrary File Access
https://notcve.org/view.php?id=CVE-2013-3827
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors related to Java Server Faces or Web Container. Vulnerabilidad no especificada en el componente de Oracle GlassFish Server en Oracle Fusion Middleware 2.1.1, 3.0.1 y 3.1.2, el componente de Oracle JDeveloper de Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0 y 12.1.2.0. 0, y el componente de Oracle WebLogic Server en Oracle Fusion Middleware 10.3.6.0 y 12.1.1 que permite a atacantes remotos afectar la confidencialidad a través de vectores desconocidos relacionados con Java Server Faces o el Web Container. • https://www.exploit-db.com/exploits/38802 http://rhn.redhat.com/errata/RHSA-2014-0029.html http://www.kb.cert.org/vuls/id/526012 http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html http://www.securityfocus.com/bid/63052 http://www.securitytracker.com/id/1029190 https://access.redhat.com/security/cve/CVE-2013-3827 https://bugzilla.redhat.com/show_bug.cgi?id=1038898 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •