CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2013-3831 – Oracle Portal Demo Organization Chart PL/SQL Injection
https://notcve.org/view.php?id=CVE-2013-3831
Unspecified vulnerability in the Oracle Portal component in Oracle Fusion Middleware 11.1.1.6.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Demos. Vulnerabilidad no especificada en el componente Oracle Portal de Oracle Fusion Middleware 11.1.1.6.0 permite a usuarios autenticados remotos afectar la confidencialidad e integridad a través de vectores desconocidos relacionados con Demos. Oracle Portal Demo Organization Chart suffers from multiple remote PL/SQL injection vulnerabilities. • http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html http://www.securitytracker.com/id/1029190 •
CVSS: 1.5EPSS: 1%CPEs: 2EXPL: 2CVE-2013-5791 – Oracle Outside In MDB - File Parsing Stack Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2013-5791
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. NOTE: the previous information is from the October 2013 CPU. Oracle has not commented on claims from a third party that the issue is a stack-based buffer overflow in the Microsoft Access 1.x parser in vsacs.dll before 8.4.0.108 and before 8.4.1.52, which allows attackers to execute arbitrary code via a long field (aka column) name. Una vulnerabilidad no especificada en el componente Oracle Outside In Technology en Oracle Fusion Middleware versiones 8.4.0 y 8.4.1, permite a los atacantes dependiendo del contexto afectar la disponibilidad por medio de vectores desconocidos relacionados con Outside In Filters. NOTA: la información previa es de la CPU de octubre de 2013. • https://www.exploit-db.com/exploits/31222 http://secunia.com/advisories/56237 http://secunia.com/advisories/56241 http://secunia.com/advisories/56243 http://www-01.ibm.com/support/docview.wss?uid=swg21660640 http://www.citadelo.com/en/ms13-105-oracle-outside-in-mdb-parsing-vulnerability-cve-2013-5791 http://www.exploit-db.com/exploits/31222 http://www.kb.cert.org/vuls/id/953241 http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html http://www.securityfocus •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2013-3833
https://notcve.org/view.php?id=CVE-2013-3833
Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5.0 and 11.1.2.0.0 allows remote attackers to affect integrity via unknown vectors related to Authentication Engine. Vulnerabilidad no especificada en el componente de Oracle Fusion Middleware 11.1.1.5.0 y 11.1.2.0.0 permite a atacantes remotos afectar la integridad a través de vectores desconocidos relacionados con Authentication Engine. • http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html http://www.securitytracker.com/id/1029190 •
CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 0CVE-2013-3836
https://notcve.org/view.php?id=CVE-2013-3836
Unspecified vulnerability in the Oracle Web Cache component in Oracle Fusion Middleware 11.1.1.6 and 11.1.1.7 allows remote authenticated users to affect confidentiality via vectors related to ESI/Partial Page Caching. Vulnerabilidad sin especificar en el componente Oracle Web Cache en Oracle Fusion Middleware 11.0.1.1.6 y 11.1.1.7 permite a usuarios remotos autenticados afectar la confidencialidad a través de vectores relacionados a ESI/Partial Page Caching. • http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html http://www.securitytracker.com/id/1029190 •
CVSS: 5.0EPSS: 51%CPEs: 8EXPL: 1CVE-2013-3827 – Oracle GlassFish Server 2.1.1/3.0.1 - Multiple Subcomponent Resource Identifier Traversal Arbitrary File Access
https://notcve.org/view.php?id=CVE-2013-3827
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors related to Java Server Faces or Web Container. Vulnerabilidad no especificada en el componente de Oracle GlassFish Server en Oracle Fusion Middleware 2.1.1, 3.0.1 y 3.1.2, el componente de Oracle JDeveloper de Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0 y 12.1.2.0. 0, y el componente de Oracle WebLogic Server en Oracle Fusion Middleware 10.3.6.0 y 12.1.1 que permite a atacantes remotos afectar la confidencialidad a través de vectores desconocidos relacionados con Java Server Faces o el Web Container. • https://www.exploit-db.com/exploits/38802 http://rhn.redhat.com/errata/RHSA-2014-0029.html http://www.kb.cert.org/vuls/id/526012 http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html http://www.securityfocus.com/bid/63052 http://www.securitytracker.com/id/1029190 https://access.redhat.com/security/cve/CVE-2013-3827 https://bugzilla.redhat.com/show_bug.cgi?id=1038898 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •