Lucene search
K

115 matches found

Prion
Prion
added 2015/07/16 10:59 a.m.22 views

Design/Logic Flaw

Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than...

7.5CVSS5.9AI score0.02974EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2015/07/16 10:59 a.m.21 views

Design/Logic Flaw

Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than...

7.5CVSS5.9AI score0.02974EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2015/07/16 10:59 a.m.15 views

Design/Logic Flaw

Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than...

7.5CVSS5.9AI score0.02974EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2015/07/16 10:59 a.m.16 views

Design/Logic Flaw

Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than...

7.5CVSS5.9AI score0.02974EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2015/07/16 10:0 a.m.25 views

CVE-2015-2604

Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than...

5.6AI score0.02974EPSS
Exploits0References3
Cvelist
Cvelist
added 2015/07/16 10:0 a.m.30 views

CVE-2015-4745

Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than...

5.6AI score0.02974EPSS
Exploits0References3
Cvelist
Cvelist
added 2015/07/16 10:0 a.m.23 views

CVE-2015-2605

Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than...

5.6AI score0.02974EPSS
Exploits0References3
CVE
CVE
added 2015/07/16 10:0 a.m.49 views

CVE-2015-2605

CVE-2015-2605 affects Oracle Endeca Information Discovery Integrator ETL Server (Endeca IDI ETL Server) via a directory-traversal flaw in the MoveFile operation. Exploitation arises from insufficient input validation when handling crafted SOAP requests, enabling a remote authenticated attacker to...

7.5CVSS5.7AI score0.02974EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2015/07/16 10:0 a.m.53 views

CVE-2015-2604

CVE-2015-2604 concerns Oracle Endeca Information Discovery Integrator ETL Server CopyFile directory traversal. The issue arises from insufficient input validation in SOAP processing of the CopyFile operation, permitting a remote authenticated attacker to move arbitrary files on the target system ...

7.5CVSS5.7AI score0.02974EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2015/07/16 10:0 a.m.54 views

CVE-2015-2603

Technical details for CVE-2015-2603 are not publicly provided in the supplied documents. No concrete affected product/version, root cause, or remediation is available here. Monitor for official updates and advisories.

7.5CVSS5.7AI score0.02974EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2015/07/16 10:0 a.m.59 views

CVE-2015-4745

CVE-2015-4745 affects Oracle Endeca Information Discovery Integrator ETL Server (Oracle Endeca IDI) across multiple versions. Connected advisories describe the root cause as insufficient input validation in SOAP processing, enabling directory traversal via operations such as UploadFileConent, Cop...

7.5CVSS5.7AI score0.02974EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2015/07/16 10:0 a.m.57 views

CVE-2015-2602

Based on connected advisories, CVE-2015-2602 affects Oracle Endeca Information Discovery Integrator ETL Server (Endeca IDI ETL Server). The vulnerability is a directory traversal in the UploadFileConent path triggered by SOAP requests, allowing a remote authenticated attacker to upload arbitrary ...

7.5CVSS5.7AI score0.02974EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2015/07/16 10:0 a.m.66 views

CVE-2015-2606

CVE-2015-2606 is linked to Oracle Endeca Information Discovery (IDI) Integrator/ETL Server vulnerabilities in the Endeca suite. Connected advisories describe directory-traversal flaws in the Integrator ETL Server (operations such as DownloadFileConent, CopyFile, UploadFileConent, MoveFile) that o...

7.5CVSS5.7AI score0.02974EPSS
Exploits0References3Affected Software1
Check Point Advisories
Check Point Advisories
added 2015/05/18 12:0 a.m.40 views

Oracle Endeca Server createDataStore Remote Command Execution - Ver2 (CVE-2013-3763)

A command execution vulnerability exists in Oracle Endeca Server. The vulnerability is due to the controlSoapBinding web service exposing the createDataStore method which contains a flaw that allows for the injection of arbitrary commands. A remote, unauthenticated attacker could exploit this...

5.5CVSS6.9AI score0.5984EPSS
Exploits8
Zero Day Initiative
Zero Day Initiative
added 2015/04/16 12:0 a.m.23 views

Oracle Endeca Tools and Frameworks Script.action Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Endeca Tools and Frameworks. Authentication is required to exploit this vulnerability, but authentication is easily bypassed. This product installs a web application called Oracle Endeca...

7.5CVSS7.3AI score0.02026EPSS
Exploits0References1
Source Incite
Source Incite
added 2015/02/01 12:0 a.m.29 views

SRC-2015-0003 : Oracle Endeca Tools and Frameworks AMF Request Beanshell Script Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Endeca Tools and Frameworks. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific fla...

6.4CVSS7.1AI score0.0186EPSS
Exploits1
Source Incite
Source Incite
added 2015/02/01 12:0 a.m.19 views

SRC-2015-0002 : Oracle Endeca Tools and Frameworks Session Generation Authentication Bypass Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to bypass authentication on affected installations of Oracle Endeca Tools and Frameworks. Authentication is not required to exploit this vulnerability. The specific flaw exists when parsing the auth parameter. The service generates...

5CVSS6.1AI score0.01874EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2014/10/21 12:0 a.m.10 views

Oracle Endeca Information Discovery Studio Detection

Binary data oracleendecainformationdiscoverystudiodetect.nbin...

7.3AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2014/10/21 12:0 a.m.47 views

Oracle Endeca Information Discovery Studio Multiple Vulnerabilities (October 2014 CPU)

The remote host is running a version of Oracle Endeca Information Discovery Studio that may be missing a vendor-supplied security patch that fixes multiple bugs and OpenSSL related security vulnerabilities. Note that depending on how the remote host is configured, Nessus may not be able to detect...

7.5CVSS7.5AI score0.95326EPSS
Exploits17References3
securityvulns
securityvulns
added 2014/10/15 12:0 a.m.82 views

[RT-SA-2013-002] Endeca Latitude Cross-Site Request Forgery

Advisory: Endeca Latitude Cross-Site Request Forgery RedTeam Pentesting discovered a Cross-Site Request Forgery CSRF vulnerability in Endeca Latitude. Using this vulnerability, an attacker might be able to change several different settings of the Endeca Latitude instance or disable it entirely...

4.3CVSS6AI score0.0698EPSS
Exploits4
Rows per page
Query Builder