CVSS: 5.0EPSS: 91%CPEs: 2EXPL: 0CVE-2013-3828 – Oracle BPEL Process Manager ScriptServlet Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-3828
Unspecified vulnerability in the Oracle Web Services component in Oracle Fusion Middleware 10.1.3.5.0 and 11.1.1.6.0 allows remote attackers to affect confidentiality via unknown vectors related to Test Page. Vulnerabilidad no especificada en el componente Oracle Web Services de Oracle Fusion Middleware 10.1.3.5.0 y 11.1.1.6.0 permite a atacantes remotos afectar la confidencialidad a través de vectores relacionados con Test Page. This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of Oracle BPEL Process Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ScriptServlet. It suffers of a directory traversal vulnerability inside the query string which can lead to disclosure of credentials. • http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html http://www.securitytracker.com/id/1029190 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2013-3770
https://notcve.org/view.php?id=CVE-2013-3770
Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1, 11.1.1.6.0, and 11.1.1.7.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Content Server. NOTE: the previous information is from the October 2013 CPU. Oracle has not commented on claims from a third party that the issue is related to "iDoc script injection" in the (1) cs and (2) urm components, which allows attackers to read "sensitive" files, as demonstrated by obtaining the "AES encryption key and encrypted credentials" of the weblogic user. Vulnerabilidad sin especificar en el componente Oracle WebCenter Content en Oracle Fusion Middleware 10.1.3.5.1, 11.1.1.6.0, y 11.1.1.7.0 permite a atacantes remotos comprometer la integridad y confidencialidad a través de vectores desconocidos relacionado con los Web Content Server. • http://osvdb.org/95271 http://secunia.com/advisories/54227 http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html http://www.securityfocus.com/bid/61228 http://www.securitytracker.com/id/1028801 http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=1038 https://exchange.xforce.ibmcloud.com/vulnerabilities/85658 •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2013-3781
https://notcve.org/view.php?id=CVE-2013-3781
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7, 8.4.0, and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-3776. Vulnerabilidad sin especificar en el componente Oracle Outside In Technology en Oracle Fusion Middleware 8.3.7, 8.4.0, y 8.4.1 permite a atacantes dependientes del contexto comprometer la disponibilidad a través de vectores desconocidos relacionados con Outside In Filters. Vulnerabilidad distinta del CVE-2013-3776. • http://jvn.jp/en/jp/JVN07497769/index.html http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000070.html http://www-01.ibm.com/support/docview.wss?uid=swg21660640 http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html http://www.securityfocus.com/bid/61232 http://www.securitytracker.com/id/1028801 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-061 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18156 •
CVSS: 6.4EPSS: 6%CPEs: 2EXPL: 0CVE-2013-3764 – Oracle Endeca Server attachDataStore SOAP Request Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-3764
Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 7.4.0 and 7.5.1.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2013-3763. Vulnerabilidad sin especificar en el componente Oracle Endeca Server en Oracle Fusion Middleware 7.4.0 y7.5.1.1, permite a usuarios autenticados remotamente comprometer la confidencialidad e integridad a través de vectores desconocidos. Vulnerabilidad distinta de CVE-2013-3763. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Endeca Server. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of requests to the controlSoapBinding web service. • http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html http://www.securitytracker.com/id/1028801 •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2013-3772
https://notcve.org/view.php?id=CVE-2013-3772
Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1, 11.1.1.6.0, and 11.1.1.7.0 allows remote attackers to affect integrity via unknown vectors related to Web Forms. Vulnerabilidad sin especificar en el componente Oracle WebCenter Content en Oracle Fusion Middleware 10.1.3.5.1, 11.1.1.6.0, y 11.1.1.7.0 permite a atacantes remotos comprometer la integridad a través de vectores desconocidos relacionado con los Web Forms. • http://osvdb.org/95274 http://secunia.com/advisories/54227 http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html http://www.securityfocus.com/bid/61220 http://www.securitytracker.com/id/1028801 https://exchange.xforce.ibmcloud.com/vulnerabilities/85661 •