Lucene search
K

84 matches found

Metasploit
Metasploit
added 2014/01/30 1:45 p.m.150 views

Oracle Forms and Reports Remote Code Execution

This module uses two vulnerabilities in Oracle Forms and Reports to get remote code execution on the host. The showenv url can be used to disclose information about a server. A second vulnerability that allows arbitrary reading and writing to the host filesystem can then be used to write a shell...

9.1CVSS9.5AI score0.98695EPSS
Exploits11
exploitpack
exploitpack
added 2014/01/29 12:0 a.m.17 views

Oracle Forms and Reports 11.1 - Arbitrary Code Execution

Oracle Forms and Reports 11.1 - Arbitrary Code Execution...

2.9AI score
Exploits0
Exploit DB
Exploit DB
added 2014/01/29 12:0 a.m.136 views

Oracle Forms and Reports 11.1 - Arbitrary Code Execution

!/usr/bin/env ruby Exploit Title: Oracle Reports 11.1 About: Automated exploit for CVE-2012-3153/CVE-2012-3152 Google Dork: inurl:/reports/rwservlet/ Date: 01/28/2014 Exploit Author: Mekanismen Credits to: @misssudo for initial disclosure Reference: http://netinfiltration.com/ Vendor Homepage:...

9.1CVSS9.3AI score0.98695EPSS
Exploits11
Packet Storm
Packet Storm
added 2014/01/28 12:0 a.m.79 views

Oracle Forms And Reports Database Disclosure

PARSEQUERY http://docs.oracle.com/cd/E1676401/bi.1111/b32121/pbrcla007.htmi640592 Description Use PARSEQUERY to parse an rwservlet query and display the constructed Reports Server command line. Syntax http://yourwebserver/reports/rwservlet/parsequery?server=servername&authid=username/password...

6.4CVSS9.3AI score0.9822EPSS
Exploits11
Tenable Nessus
Tenable Nessus
added 2012/11/06 12:0 a.m.35 views

Oracle Forms Recognition Detection

The remote host has Oracle Forms Recognition installed. Oracle Forms Recognition is a software toolset for processing captured documents and delivering the data to backend systems. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid62819; scriptversion"1.9";...

5.5AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2012/11/06 12:0 a.m.38 views

Oracle Forms Recognition Multiple ActiveX Control Arbitrary File Overwrite Vulnerabilities

The remote host has an unpatched version of Oracle Forms Recognition installed that is affected by multiple vulnerable ActiveX controls. A flaw in the 'Save' method of the 'CroScPlt' control, and the 'saveLayout' method of the 'Sssplt30' control may be exploited to overwrite arbitrary files on th...

9.8CVSS7.2AI score0.11636EPSS
Exploits4References5
Saint
Saint
added 2012/05/02 12:0 a.m.44 views

Oracle WebCenter Forms Recognition SSSplitter ActiveX Overwrite

Added: 05/02/2012 CVE: CVE-2012-1710 BID: 53062 OSVDB: 81366 Background Oracle WebCenter Imaging is a combined document management and business process management suite, marketed as a component of the Oracle Fusion Middleware portfolio of products. Oracle Forms Recognition OFR is an intelligent...

7.5CVSS9.3AI score0.11636EPSS
Exploits4
Saint
Saint
added 2012/05/02 12:0 a.m.50 views

Oracle WebCenter Forms Recognition SSSplitter ActiveX Overwrite

Added: 05/02/2012 CVE: CVE-2012-1710 BID: 53062 OSVDB: 81366 Background Oracle WebCenter Imaging is a combined document management and business process management suite, marketed as a component of the Oracle Fusion Middleware portfolio of products. Oracle Forms Recognition OFR is an intelligent...

7.5CVSS9.3AI score0.11636EPSS
Exploits4
NVD
NVD
added 2012/01/18 10:55 p.m.15 views

CVE-2012-0073

Unspecified vulnerability in the Oracle Forms component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors...

4.3CVSS5.9AI score0.01214EPSS
Exploits0References4
Prion
Prion
added 2012/01/18 10:55 p.m.18 views

Design/Logic Flaw

Unspecified vulnerability in the Oracle Forms component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors...

4.3CVSS6.4AI score0.01214EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2012/01/18 10:0 p.m.25 views

CVE-2012-0073

Unspecified vulnerability in the Oracle Forms component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors...

5.9AI score0.01214EPSS
Exploits0References4
CVE
CVE
added 2012/01/18 10:0 p.m.71 views

CVE-2012-0073

CVE-2012-0073 affects Oracle Forms in Oracle E-Business Suite 11.5.10.2. Description: an unspecified vulnerability allows remote attackers to affect integrity via unknown vectors. Affected: Oracle E-Business Suite components and Oracle Forms (version 11.5.10.2). Severity: NVD base score 4.3 (MEDI...

4.3CVSS6.1AI score0.01214EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2009/09/14 2:30 p.m.14 views

CVE-2008-7235

Unspecified vulnerability in the Oracle Forms component in Oracle Application Server 10.1.2.2 and E-Business Suite 12.0.3 allows remote attackers to affect integrity via unknown vectors, aka AS04...

4.3CVSS6AI score0.04973EPSS
Exploits1References10
Prion
Prion
added 2009/09/14 2:30 p.m.19 views

Design/Logic Flaw

Unspecified vulnerability in the Oracle Forms component in Oracle Application Server 10.1.2.2 and E-Business Suite 12.0.3 allows remote attackers to affect integrity via unknown vectors, aka AS04...

4.3CVSS6.5AI score0.04973EPSS
Exploits1References10Affected Software2
Cvelist
Cvelist
added 2009/09/14 2:0 p.m.22 views

CVE-2008-7235

Unspecified vulnerability in the Oracle Forms component in Oracle Application Server 10.1.2.2 and E-Business Suite 12.0.3 allows remote attackers to affect integrity via unknown vectors, aka AS04...

6AI score0.04973EPSS
Exploits1References10
securityvulns
securityvulns
added 2009/01/30 12:0 a.m.97 views

Oracle Forms Cross site Scripting in (iFcgi60.exe / f60servlet)

Oracle Forms Cross site Scripting in iFcgi60.exe / f60servlet About: Oracle Forms is a tool somewhat like Visual Basic in appearance, but the code inside is PL/SQL which allows a developer to quickly create user-interface applications which access an Oracle database in a very efficient and...

1.6AI score
Exploits0
Packet Storm
Packet Storm
added 2009/01/29 12:0 a.m.30 views

Oracle Forms Cross Site Scripting

Oracle Forms Cross site Scripting in iFcgi60.exe / f60servlet About: Oracle Forms is a tool somewhat like Visual Basic in appearance, but the code inside is PL/SQL which allows a developer to quickly create user-interface applications which access an Oracle database in a very efficient and...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2007/09/13 12:0 a.m.53 views

Oracle Jinitiator 1.1.8 Vulnerabilities CVE-2007-4467 - Additional Information

US-CERT released an advisory on August 28, 2007 regarding multiple stack buffer overflows in the Oracle Jinitiator product Vulnerability Note VU474433/CVE-2007-4467. Due to limited public technical information on Jinitiator, no access to the Oracle support website, and maybe lack of cooperation...

9.3CVSS0.7AI score0.21066EPSS
Exploits1
Prion
Prion
added 2007/08/31 12:17 a.m.14 views

Stack overflow

Multiple stack-based buffer overflows in the Oracle JInitiator ActiveX control beans.ocx 1.1.8.16 and earlier, as used by Oracle Forms applications from Oracle and third parties, allow remote attackers to execute arbitrary code via unspecified "initialization parameters." NOTE: it was later...

9.3CVSS7.8AI score0.21066EPSS
Exploits1References9Affected Software1
NVD
NVD
added 2006/10/18 1:7 a.m.15 views

CVE-2006-5365

Unspecified vulnerability in Oracle Forms in Oracle Application Server 9.0.4.3 and 10.1.2.0.2, and E-Business Suite and Applications 11.5.10CU2, has unknown impact and remote attack vectors, aka Vuln FORM02...

10CVSS6.3AI score0.0231EPSS
Exploits0References8
Rows per page
Query Builder