84 matches found
Oracle Forms and Reports Remote Code Execution
This module uses two vulnerabilities in Oracle Forms and Reports to get remote code execution on the host. The showenv url can be used to disclose information about a server. A second vulnerability that allows arbitrary reading and writing to the host filesystem can then be used to write a shell...
Oracle Forms and Reports 11.1 - Arbitrary Code Execution
Oracle Forms and Reports 11.1 - Arbitrary Code Execution...
Oracle Forms and Reports 11.1 - Arbitrary Code Execution
!/usr/bin/env ruby Exploit Title: Oracle Reports 11.1 About: Automated exploit for CVE-2012-3153/CVE-2012-3152 Google Dork: inurl:/reports/rwservlet/ Date: 01/28/2014 Exploit Author: Mekanismen Credits to: @misssudo for initial disclosure Reference: http://netinfiltration.com/ Vendor Homepage:...
Oracle Forms And Reports Database Disclosure
PARSEQUERY http://docs.oracle.com/cd/E1676401/bi.1111/b32121/pbrcla007.htmi640592 Description Use PARSEQUERY to parse an rwservlet query and display the constructed Reports Server command line. Syntax http://yourwebserver/reports/rwservlet/parsequery?server=servername&authid=username/password...
Oracle Forms Recognition Detection
The remote host has Oracle Forms Recognition installed. Oracle Forms Recognition is a software toolset for processing captured documents and delivering the data to backend systems. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid62819; scriptversion"1.9";...
Oracle Forms Recognition Multiple ActiveX Control Arbitrary File Overwrite Vulnerabilities
The remote host has an unpatched version of Oracle Forms Recognition installed that is affected by multiple vulnerable ActiveX controls. A flaw in the 'Save' method of the 'CroScPlt' control, and the 'saveLayout' method of the 'Sssplt30' control may be exploited to overwrite arbitrary files on th...
Oracle WebCenter Forms Recognition SSSplitter ActiveX Overwrite
Added: 05/02/2012 CVE: CVE-2012-1710 BID: 53062 OSVDB: 81366 Background Oracle WebCenter Imaging is a combined document management and business process management suite, marketed as a component of the Oracle Fusion Middleware portfolio of products. Oracle Forms Recognition OFR is an intelligent...
Oracle WebCenter Forms Recognition SSSplitter ActiveX Overwrite
Added: 05/02/2012 CVE: CVE-2012-1710 BID: 53062 OSVDB: 81366 Background Oracle WebCenter Imaging is a combined document management and business process management suite, marketed as a component of the Oracle Fusion Middleware portfolio of products. Oracle Forms Recognition OFR is an intelligent...
CVE-2012-0073
Unspecified vulnerability in the Oracle Forms component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors...
Design/Logic Flaw
Unspecified vulnerability in the Oracle Forms component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors...
CVE-2012-0073
Unspecified vulnerability in the Oracle Forms component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors...
CVE-2012-0073
CVE-2012-0073 affects Oracle Forms in Oracle E-Business Suite 11.5.10.2. Description: an unspecified vulnerability allows remote attackers to affect integrity via unknown vectors. Affected: Oracle E-Business Suite components and Oracle Forms (version 11.5.10.2). Severity: NVD base score 4.3 (MEDI...
CVE-2008-7235
Unspecified vulnerability in the Oracle Forms component in Oracle Application Server 10.1.2.2 and E-Business Suite 12.0.3 allows remote attackers to affect integrity via unknown vectors, aka AS04...
Design/Logic Flaw
Unspecified vulnerability in the Oracle Forms component in Oracle Application Server 10.1.2.2 and E-Business Suite 12.0.3 allows remote attackers to affect integrity via unknown vectors, aka AS04...
CVE-2008-7235
Unspecified vulnerability in the Oracle Forms component in Oracle Application Server 10.1.2.2 and E-Business Suite 12.0.3 allows remote attackers to affect integrity via unknown vectors, aka AS04...
Oracle Forms Cross site Scripting in (iFcgi60.exe / f60servlet)
Oracle Forms Cross site Scripting in iFcgi60.exe / f60servlet About: Oracle Forms is a tool somewhat like Visual Basic in appearance, but the code inside is PL/SQL which allows a developer to quickly create user-interface applications which access an Oracle database in a very efficient and...
Oracle Forms Cross Site Scripting
Oracle Forms Cross site Scripting in iFcgi60.exe / f60servlet About: Oracle Forms is a tool somewhat like Visual Basic in appearance, but the code inside is PL/SQL which allows a developer to quickly create user-interface applications which access an Oracle database in a very efficient and...
Oracle Jinitiator 1.1.8 Vulnerabilities CVE-2007-4467 - Additional Information
US-CERT released an advisory on August 28, 2007 regarding multiple stack buffer overflows in the Oracle Jinitiator product Vulnerability Note VU474433/CVE-2007-4467. Due to limited public technical information on Jinitiator, no access to the Oracle support website, and maybe lack of cooperation...
Stack overflow
Multiple stack-based buffer overflows in the Oracle JInitiator ActiveX control beans.ocx 1.1.8.16 and earlier, as used by Oracle Forms applications from Oracle and third parties, allow remote attackers to execute arbitrary code via unspecified "initialization parameters." NOTE: it was later...
CVE-2006-5365
Unspecified vulnerability in Oracle Forms in Oracle Application Server 9.0.4.3 and 10.1.2.0.2, and E-Business Suite and Applications 11.5.10CU2, has unknown impact and remote attack vectors, aka Vuln FORM02...