EUVD-2007-2130

Malware in sbrugna...

Code injection

The ADIBINARY component in the Oracle E-Business Suite allows remote attackers to download arbitrary documents from the APPS.FNDDOCUMENTS table via the ADIDISPLAYREPORT function, when passed a certain parameter. NOTE: due to lack of details from Oracle, it is not clear whether this issue is relat...

CVE-2007-2135

The ADIBINARY component in the Oracle E-Business Suite allows remote attackers to download arbitrary documents from the APPS.FNDDOCUMENTS table via the ADIDISPLAYREPORT function, when passed a certain parameter. NOTE: due to lack of details from Oracle, it is not clear whether this issue is relat...

CVE-2007-2135

The CVE-2007-2135 entry affects the Oracle E-Business Suite via the ADI_BINARY component. The vulnerability allows remote attackers to download arbitrary documents from the APPS.FND_DOCUMENTS table through the ADI_DISPLAY_REPORT function when a certain parameter is passed. The description notes l...

ZDI-07-017: Oracle E-Business Suite Arbitrary Document Download Vulnerability

ZDI-07-017: Oracle E-Business Suite Arbitrary Document Download Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-07-017.html April 18, 2007 -- CVE ID: CVE-2007-2135 -- Affected Vendor: Oracle -- Affected Products: Oracle E-Business Suite -- TippingPointTM IPS Customer Protection:...

Oracle E-Business Suite Arbitrary Document Download Vulnerability

This vulnerability allows remote attackers to download any existing document in the APPS.FNDDOCUMENTS table on vulnerable installations of Oracle E-Business Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists in the ADIBINARY component of the E-Business...