CVSS: 6.4EPSS: 95%CPEs: 3EXPL: 2CVE-2012-3153 – Oracle Forms and Reports 11.1 - Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2012-3153
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Servlet. NOTE: the previous information is from the October 2012 CPU. Oracle has not commented on claims from the original researcher that the PARSEQUERY function allows remote attackers to obtain database credentials via reports/rwservlet/parsequery, and that this issue occurs in earlier versions. NOTE: this can be leveraged with CVE-2012-3152 to execute arbitrary code by uploading a .jsp file. Vulnerabilidad no especificada en el componente de Oracle Reports Developer de Oracle Fusion Middleware v11.1.1.4, v11.1.1.6 y v11.1.2.0 permite a atacantes remotos afectar a la confidencialidad y la integridad a través de vectores desconocidos relacionados con Servlet. • https://www.exploit-db.com/exploits/31253 http://blog.netinfiltration.com/2013/11/03/oracle-reports-cve-2012-3152-and-cve-2012-3153 http://blog.netinfiltration.com/2014/01/19/upcoming-exploit-release-oracle-forms-and-reports-11g http://seclists.org/fulldisclosure/2014/Jan/186 http://www.exploit-db.com/exploits/31253 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html http://www.securityfocus.com/bid/ •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2012-0095
https://notcve.org/view.php?id=CVE-2012-0095
Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Web, a different vulnerability than CVE-2012-0086 and CVE-2012-0108. Vulnerabilidad no especificada en el componente Oracle Imaging y Process Management en Oracle Fusion Middleware 10.1.3.6.0 permite a usuarios remotos autenticados afectar la confidencialidad a través de vectores desconocidos relacionados con Web, una vulnerabilidad diferente a CVE-2012-0086 y CVE-2012-0108. • http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2012-1686
https://notcve.org/view.php?id=CVE-2012-1686
Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.6 and other versions allows remote attackers to affect integrity via unknown vectors related to Installation. Una vulnerabilidad no especificada en el componente Oracle Business Intelligence Enterprise Edition en Oracle Fusion Middleware v11.1.1.6 y otras versiones permite a atacantes remotos afectar la integridad a través de vectores desconocidos relacionados con la instalación. • http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html •
CVSS: 2.1EPSS: 57%CPEs: 2EXPL: 1CVE-2012-1769 – Oracle Outside-In JP2 - File Parsing Heap Overflow
https://notcve.org/view.php?id=CVE-2012-1769
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1766, CVE-2012-1767, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, and CVE-2012-3110. Vulnerabilidad no especificada en el componente Oracle Outside In Technology en Oracle Fusion Middleware 8.3.5 y 8.3.7 permite a atacantes dependientes de contexto afectar la disponibilidad a través de vectores desconocidos relacionados con Outside In Filters, una vulnerabilidad diferente a CVE-2012-1766, CVE-2012-1767, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108 y CVE-2012-3110. • https://www.exploit-db.com/exploits/19962 http://blogs.technet.com/b/srd/archive/2012/07/24/more-information-on-security-advisory-2737111.aspx http://technet.microsoft.com/security/advisory/2737111 http://www-01.ibm.com/support/docview.wss?uid=swg21660640 http://www.kb.cert.org/vuls/id/118913 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html http://www.securityfocus.com/bid/54500 http://www& •
CVSS: 2.1EPSS: 15%CPEs: 2EXPL: 0CVE-2012-1772
https://notcve.org/view.php?id=CVE-2012-1772
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1766, CVE-2012-1767, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, and CVE-2012-3110. Vulnerabilidad no especificada en el componente Oracle Outside In Technology en Oracle Fusion Middleware 8.3.5 y 8.3.7 permite a atacantes dependientes de contexto afectar la disponibilidad a través de vectores desconocidos relacionados con Outside In Filters, una vulnerabilidad diferente a CVE-2012-1766, CVE-2012-1767, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108 y CVE-2012-3110. • http://blogs.technet.com/b/srd/archive/2012/07/24/more-information-on-security-advisory-2737111.aspx http://technet.microsoft.com/security/advisory/2737111 http://www-01.ibm.com/support/docview.wss?uid=swg21660640 http://www.kb.cert.org/vuls/id/118913 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html http://www.securityfocus.com/bid/54497 http://www.securitytracker.com/id?1027264 https://docs. •