115 matches found
Design/Logic Flaw
Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than...
Design/Logic Flaw
Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than...
Design/Logic Flaw
Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than...
Design/Logic Flaw
Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than...
CVE-2015-2604
Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than...
CVE-2015-4745
Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than...
CVE-2015-2605
Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than...
CVE-2015-2605
CVE-2015-2605 affects Oracle Endeca Information Discovery Integrator ETL Server (Endeca IDI ETL Server) via a directory-traversal flaw in the MoveFile operation. Exploitation arises from insufficient input validation when handling crafted SOAP requests, enabling a remote authenticated attacker to...
CVE-2015-2604
CVE-2015-2604 concerns Oracle Endeca Information Discovery Integrator ETL Server CopyFile directory traversal. The issue arises from insufficient input validation in SOAP processing of the CopyFile operation, permitting a remote authenticated attacker to move arbitrary files on the target system ...
CVE-2015-2603
Technical details for CVE-2015-2603 are not publicly provided in the supplied documents. No concrete affected product/version, root cause, or remediation is available here. Monitor for official updates and advisories.
CVE-2015-4745
CVE-2015-4745 affects Oracle Endeca Information Discovery Integrator ETL Server (Oracle Endeca IDI) across multiple versions. Connected advisories describe the root cause as insufficient input validation in SOAP processing, enabling directory traversal via operations such as UploadFileConent, Cop...
CVE-2015-2602
Based on connected advisories, CVE-2015-2602 affects Oracle Endeca Information Discovery Integrator ETL Server (Endeca IDI ETL Server). The vulnerability is a directory traversal in the UploadFileConent path triggered by SOAP requests, allowing a remote authenticated attacker to upload arbitrary ...
CVE-2015-2606
CVE-2015-2606 is linked to Oracle Endeca Information Discovery (IDI) Integrator/ETL Server vulnerabilities in the Endeca suite. Connected advisories describe directory-traversal flaws in the Integrator ETL Server (operations such as DownloadFileConent, CopyFile, UploadFileConent, MoveFile) that o...
Oracle Endeca Server createDataStore Remote Command Execution - Ver2 (CVE-2013-3763)
A command execution vulnerability exists in Oracle Endeca Server. The vulnerability is due to the controlSoapBinding web service exposing the createDataStore method which contains a flaw that allows for the injection of arbitrary commands. A remote, unauthenticated attacker could exploit this...
Oracle Endeca Tools and Frameworks Script.action Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Endeca Tools and Frameworks. Authentication is required to exploit this vulnerability, but authentication is easily bypassed. This product installs a web application called Oracle Endeca...
SRC-2015-0003 : Oracle Endeca Tools and Frameworks AMF Request Beanshell Script Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Endeca Tools and Frameworks. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific fla...
SRC-2015-0002 : Oracle Endeca Tools and Frameworks Session Generation Authentication Bypass Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to bypass authentication on affected installations of Oracle Endeca Tools and Frameworks. Authentication is not required to exploit this vulnerability. The specific flaw exists when parsing the auth parameter. The service generates...
Oracle Endeca Information Discovery Studio Detection
Binary data oracleendecainformationdiscoverystudiodetect.nbin...
Oracle Endeca Information Discovery Studio Multiple Vulnerabilities (October 2014 CPU)
The remote host is running a version of Oracle Endeca Information Discovery Studio that may be missing a vendor-supplied security patch that fixes multiple bugs and OpenSSL related security vulnerabilities. Note that depending on how the remote host is configured, Nessus may not be able to detect...
[RT-SA-2013-002] Endeca Latitude Cross-Site Request Forgery
Advisory: Endeca Latitude Cross-Site Request Forgery RedTeam Pentesting discovered a Cross-Site Request Forgery CSRF vulnerability in Endeca Latitude. Using this vulnerability, an attacker might be able to change several different settings of the Endeca Latitude instance or disable it entirely...