Lucene search
K

115 matches found

Saint
Saint
added 2013/09/04 12:0 a.m.39 views

Oracle Endeca Server createDataStore method command execution

Added: 09/04/2013 CVE: CVE-2013-3763 BID: 61217 OSVDB: 95269 Background Oracle Endeca Server is a hybrid search-analytical database. Problem A vulnerability in the controlSoapBinding service allows remote attackers to execute arbitrary commands by sending a request for the createDataStore method...

5.5CVSS7.2AI score0.5984EPSS
Exploits8
Exploit DB
Exploit DB
added 2013/08/26 12:0 a.m.37 views

Oracle Endeca Server - Remote Command Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Oracle Endeca Server Remote Command...

5.5CVSS7.4AI score0.5984EPSS
Exploits8
0day.today
0day.today
added 2013/08/25 12:0 a.m.47 views

Oracle Endeca Server Remote Command Execution Vulnerability

This Metasploit module exploits a command injection vulnerability on the Oracle Endeca Server 7.4.0. The vulnerability exists on the createDataStore method from the controlSoapBinding web service. The vulnerable method only exists on the 7.4.0 branch and isn't available on the 7.5.5.1 branch. On...

5.5CVSS6.8AI score0.5984EPSS
Exploits8
Packet Storm
Packet Storm
added 2013/08/24 12:0 a.m.36 views

Oracle Endeca Server Remote Command Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Oracle Endeca Server Remote Command...

5.5CVSS0.1AI score0.5984EPSS
Exploits8
Metasploit
Metasploit
added 2013/08/21 5:47 p.m.35 views

Oracle Endeca Server Remote Command Execution

This module exploits a command injection vulnerability on the Oracle Endeca Server 7.4.0. The vulnerability exists on the createDataStore method from the controlSoapBinding web service. The vulnerable method only exists on the 7.4.0 branch and isn't available on the 7.5.5.1 branch. In addition, t...

5.5CVSS7.4AI score0.5984EPSS
Exploits8
Zero Day Initiative
Zero Day Initiative
added 2013/08/13 12:0 a.m.39 views

Oracle Endeca Server createDataStore SOAP Request Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Endeca Server. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of requests to the controlSoapBinding web service. This service exposes...

6.4CVSS7AI score0.5984EPSS
Exploits8References1
Zero Day Initiative
Zero Day Initiative
added 2013/08/13 12:0 a.m.31 views

Oracle Endeca Server attachDataStore SOAP Request Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Endeca Server. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of requests to the controlSoapBinding web service. This service exposes...

6.4CVSS6.4AI score0.01009EPSS
Exploits0References1
NVD
NVD
added 2013/07/17 1:41 p.m.29 views

CVE-2013-3764

Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 7.4.0 and 7.5.1.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2013-3763...

5.5CVSS5.3AI score0.01009EPSS
Exploits0References2
NVD
NVD
added 2013/07/17 1:41 p.m.34 views

CVE-2013-3763

Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 7.4.0 and 7.5.1.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2013-3764...

5.5CVSS5.3AI score0.5984EPSS
Exploits8References3
Prion
Prion
added 2013/07/17 1:41 p.m.23 views

Design/Logic Flaw

Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 7.4.0 and 7.5.1.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2013-3764...

5.5CVSS5.4AI score0.5984EPSS
Exploits8References3Affected Software1
Prion
Prion
added 2013/07/17 1:41 p.m.25 views

Design/Logic Flaw

Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 7.4.0 and 7.5.1.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2013-3763...

5.5CVSS5.4AI score0.5984EPSS
Exploits8References2Affected Software1
CVE
CVE
added 2013/07/17 10:0 a.m.67 views

CVE-2013-3764

CVE-2013-3763 (and related CVE-2013-3764) targets Oracle Endeca Server in Oracle Fusion Middleware 7.4.0 and 7.5.1.1. The vulnerability resides in the createDataStore method of the controlSoapBinding web service, enabling arbitrary command injection and remote command execution. Public proofs-of-...

5.5CVSS5.4AI score0.01009EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2013/07/17 10:0 a.m.73 views

CVE-2013-3763

The CVE-2013-3763 vector is a command-injection vulnerability in Oracle Endeca Server (Oracle Fusion Middleware) affecting 7.4.0 and 7.5.1.1 via the controlSoapBinding createDataStore method. Connected advisories (CPAIs) describe remote command execution with a flaw that can be exploited by sendi...

5.5CVSS5.4AI score0.5984EPSS
Exploits8References3Affected Software1
Cvelist
Cvelist
added 2013/07/17 10:0 a.m.32 views

CVE-2013-3764

Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 7.4.0 and 7.5.1.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2013-3763...

5.4AI score0.01009EPSS
Exploits0References2
Cvelist
Cvelist
added 2013/07/17 10:0 a.m.41 views

CVE-2013-3763

Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 7.4.0 and 7.5.1.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2013-3764...

5.4AI score0.5984EPSS
Exploits8References3
Rows per page
Query Builder