Page 32 of 324 results (0.008 seconds)

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.3.0 allows remote attackers to affect availability via vectors related to Web Container, a different vulnerability than CVE-2016-5488. Vulnerabilidad no especificada en el componente Oracle WebLogic Server en Oracle Fusion Middleware 10.3.6.0 y 12.1.3.0 permite a atacantes remotos afectar la disponibilidad a través de vectores relacionados con Web Container, una vulnerabilidad diferente a CVE-2016-5488. • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.securityfocus.com/bid/91787 http://www.securitytracker.com/id/1036373 •

CVSS: 10.0EPSS: 3%CPEs: 3EXPL: 1

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Core Components, a different vulnerability than CVE-2016-3586. Vulnerabilidad no especificada en el componente Oracle WebLogic Server en Oracle Fusion Middleware 10.3.6.0, 12.1.3.0 y 12.2.1.0 permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores relacionados con WLS Core Components, una vulnerabilidad diferente a CVE-2016-3586. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle WebLogic. Authentication is not required to exploit this vulnerability. The specific flaw exists in the use of JBoss Interceptors library. By sending a specially crafted request, the application can be made to deserialize untrusted data during the handling of the request. • https://github.com/BabyTeam1024/CVE-2016-3510 http://packetstormsecurity.com/files/152324/Oracle-Weblogic-Server-Deserialization-MarshalledObject-Remote-Code-Execution.html http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.securityfocus.com/bid/91787 http://www.securitytracker.com/id/1036373 https://www.tenable.com/security/research/tra-2016-21 - •

CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 0

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 12.1.3.0 and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Web Container. Vulnerabilidad no especificada en el componente Oracle WebLogic Server en Oracle Fusion Middleware 12.1.3.0 y 12.2.1.0 permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores relacionados con Web Container. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle WebLogic. Authentication is not required to exploit this vulnerability. The PartItem class in WebLogic FileUpload allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, when used in conjunction with a specific version of Oracle Java. It also allows the attacker to copy any file into a different location. • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.securityfocus.com/bid/91787 http://www.securityfocus.com/bid/92019 http://www.securitytracker.com/id/1036373 •

CVSS: 10.0EPSS: 2%CPEs: 3EXPL: 0

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Core Components, a different vulnerability than CVE-2016-3510. Vulnerabilidad no especificada en el componente Oracle WebLogic Server en Oracle Fusion Middleware 10.3.6.0, 12.1.3.0 y 12.2.1.0 permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores relacionados con WLS Core Components, una vulnerabilidad diferente a CVE-2016-3510. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle WebLogic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the use of JtaTransactionManager. It is possible to execute arbitrary commands upon deserialization. • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.securityfocus.com/bid/91787 http://www.securityfocus.com/bid/92016 http://www.securitytracker.com/id/1036373 •

CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 allows remote attackers to affect confidentiality and integrity via vectors related to Console. Vulnerabilidad no especificada en el componente Oracle WebLogic Server en Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3 y 12.2.1 permite a atacantes remotos afectar a la confidencialidad e integridad a través de vectores relacionados con Console. • http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html http://www.securityfocus.com/bid/86461 http://www.securitytracker.com/id/1035615 •