CVSS: 6.4EPSS: 97%CPEs: 2EXPL: 1CVE-2013-3763 – Oracle Endeca Server createDataStore SOAP Request Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-3763
Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 7.4.0 and 7.5.1.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2013-3764. Vulnerabilidad no especificada en el componente Oracle Endeca Server en Oracle Fusion Middleware v7.4.0 y v7.5.1.1 permite a atacantes remotos afectar la confidencialidad e integridad mediante vectores desconocidos, una vulnerabilidad diferente a CVE-2013-3764. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Endeca Server. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of requests to the controlSoapBinding web service. This service exposes the createDataStore method which contains a flaw that allows attackers to inject arbitrary operating system commands. • https://www.exploit-db.com/exploits/27877 http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html http://www.securitytracker.com/id/1028801 http://www.zerodayinitiative.com/advisories/ZDI-13-190 •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2013-1529
https://notcve.org/view.php?id=CVE-2013-1529
Unspecified vulnerability in the Oracle WebCenter Interaction component in Oracle Fusion Middleware 6.5.1 and 10.3.3.0 allows remote attackers to affect integrity via unknown vectors related to Image Service. Vulnerabilidad no especificada en el componente Oracle WebCenter Interaction en Oracle Fusion Middleware v6.5.1 y v10.3.3.0 permite a atacantes remotos afectar a la integridad a través de vectores desconocidos relacionados con el servicio de Image Service. • http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html •
CVSS: 4.3EPSS: 0%CPEs: 46EXPL: 0CVE-2012-1677
https://notcve.org/view.php?id=CVE-2012-1677
Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware allows remote attackers to affect integrity via unknown vectors. Vulnerabilidad no especificada en el componente Oracle Application Server Single Sign-On en Oracle Fusion Middleware permite a atacantes remotos afectar a la integridad a través de vectores desconocidos. • http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html •
CVSS: 2.1EPSS: 0%CPEs: 11EXPL: 0CVE-2012-5065
https://notcve.org/view.php?id=CVE-2012-5065
Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows local users to affect integrity via unknown vectors related to ImagePicker. Vulnerabilidad no especificada en el componente de Oracle WebCenter Sites de Oracle Fusion Middleware v6.1 v6.2 v6.3.x, v7, v7.0.1, v7.0.2, v7.0.3, v7.5, v7.6.1, v7.6.2, y v11.1.1.6.0 permite a usuarios locales afectan la integridad a través de vectores desconocidos relacionados con ImagePicker. • http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html •
CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 1CVE-2012-3184 – Oracle WebCenter Sites (FatWire Content Server) - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-3184
Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote attackers to affect integrity via unknown vectors related to Advanced UI. Vulnerabilidad no especificada en el componente Oracle WebCenter Sites de Oracle Fusion Middleware v6.1 v6.2 v6.3.x, v7, v7.0.1, v7.0.2, v7.0.3, v7.5, v7.6.1, v7.6.2, y v11.1.1.6.0, permite a usuarios remotos autenticados afectar la integridad a través de vectores desconocidos relacionados con Advanced UI. Oracle WebCenter Sites (formerly FatWire Content Server) suffers from remote SQL injection, cross site scripting, cross site request forgery, and authorization vulnerabilities. • https://www.exploit-db.com/exploits/22041 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html •