CVSS: 7.5EPSS: 97%CPEs: 1EXPL: 2CVE-2014-2424 – Oracle Event Processing FileUploadServlet Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-2424
Unspecified vulnerability in the Oracle Event Processing component in Oracle Fusion Middleware 11.1.1.7.0 allows remote authenticated users to affect integrity via vectors related to CEP system. Vulnerabilidad no especificada en el componente Oracle Event Processing en Oracle Fusion Middleware 11.1.1.7.0 permite a los usuarios remotos autenticados afectar a la integridad a través de vectores relacionados con CEP system. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Event Processing. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FileUploadServlet class. The class contains a method that does not properly sanitize input allowing for directory traversal. • https://www.exploit-db.com/exploits/33989 http://packetstormsecurity.com/files/127365/Oracle-Event-Processing-FileUploadServlet-Arbitrary-File-Upload.html http://www.exploit-db.com/exploits/33989 http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html http://www.osvdb.org/105844 http://www.securityfocus.com/bid/66871 •
CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-0465
https://notcve.org/view.php?id=CVE-2014-0465
Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect integrity via unknown vectors related to Admin Console. Vulnerabilidad no especificada en el componente Oracle OpenSSO en Oracle Fusion Middleware 8.0 Update 2 Patch 5 permite a usuarios autenticados remotamente afectar a la integridad a través de vectores relacionados con la consola de administración. • http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2014-2400 – Endeca Latitude 2.2.2 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2014-2400
Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 2.2.2 allows remote attackers to affect integrity via unknown vectors related to Oracle Endeca Information Discovery (Formerly Latitude), a different vulnerability than CVE-2014-2399. Vulnerabilidad no especificada en el componente Oracle Endeca Server en Oracle Fusion Middleware 2.2.2 permite a atacantes remotos afectar la integridad a través de vectores desconocidos relacionados con Oracle Endeca Information Discovery (Formerly Latitude), una vulnerabilidad diferente a CVE-2014-2399. • http://packetstormsecurity.com/files/127223/Endeca-Latitude-2.2.2-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2014/Jun/124 http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html http://www.securityfocus.com/archive/1/532557/100/0/threaded http://www.securityfocus.com/bid/66857 •
CVSS: 4.0EPSS: 0%CPEs: 7EXPL: 0CVE-2014-2404
https://notcve.org/view.php?id=CVE-2014-2404
Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 10.1.4.3, 11.1.1.3.0, 11.1.1.5.0, 11.1.1.7.0, 11.1.2.0.0, 11.1.2.1.0, and 11.1.2.2.0 allows remote authenticated users to affect confidentiality via unknown vectors related to WebGate. Vulnerabilidad no especificada en el componente Oracle Access Manager en Oracle Fusion Middleware 10.1.4.3, 11.1.1.3.0, 11.1.1.5.0, 11.1.1.7.0, 11.1.2.0.0, 11.1.2.1.0, y 11.1.2.2.0 permite a usuarios remotos autenticados afectar la confidencialidad a través de vectores desconocidos relacionados con WebGate. • http://packetstormsecurity.com/files/127047/Oracle-Access-Manager-Information-Disclosure.html http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html http://www.securityfocus.com/bid/66862 •
CVSS: 4.3EPSS: 68%CPEs: 1EXPL: 2CVE-2014-2399 – Endeca Latitude 2.2.2 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2014-2399
Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 2.2.2 allows remote attackers to affect integrity via unknown vectors related to Oracle Endeca Information Discovery (Formerly Latitude), a different vulnerability than CVE-2014-2400. Vulnerabilidad no especificada en el componente Oracle Endeca Server en Oracle Fusion Middleware 2.2.2 permite a atacantes remotos afectar la integridad a través de vectores desconocidos relacionados con Oracle Endeca Information Discovery (Formerly Latitude), una vulnerabilidad diferente a CVE-2014-2400. RedTeam Pentesting discovered a cross site request forgery vulnerability in Endeca Latitude version 2.2.2. Using this vulnerability, an attacker might be able to change several different settings of the Endeca Latitude instance or disable it entirely. • https://www.exploit-db.com/exploits/33897 http://packetstormsecurity.com/files/127222/Endeca-Latitude-2.2.2-Cross-Site-Request-Forgery.html http://seclists.org/fulldisclosure/2014/Jun/123 http://www.exploit-db.com/exploits/33897 http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html http://www.securityfocus.com/archive/1/532556/100/0/threaded http://www.securityfocus.com/bid/66864 •