11 matches found
VulnCheck KEV: CVE-2012-3153
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Servlet. NOTE: the previous information is from the October 2012 CPU...
CVE-2012-3153
creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/oraclereportsrce.rb 2025-02-06 03:13:40+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23 04:09:06+00:00| seen|...
Oracle Forms and Reports 11.1 - Remote Exploit
No description provided by source. !/usr/bin/env ruby Exploit Title: Oracle Reports 11.1 About: Automated exploit for CVE-2012-3153/CVE-2012-3152 Google Dork: inurl:/reports/rwservlet/ Date: 01/28/2014 Exploit Author: Mekanismen [email protected] Credits to: @misssudo for initial disclosure...
Oracle Forms and Reports - Remote Code Execution (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class Metasploit3 'Oracle Forms and Reports Remote Code Execution', 'Description' = %q This module uses two vulnerabilities in Oracle form...
Oracle Forms and Reports 11.1 - Remote Exploit
Exploit for jsp platform in category remote exploits require 'uri' require 'open-uri' require 'openssl' OpenSSL::SSL::VERIFYPEER = OpenSSL::SSL::VERIFYNONE def uploadpayloaddest url =...
Oracle Reports Developer Version Release 9i to 10gr2 Database Disclosure
An undocumented PARSEQUERY function in Oracle Forms and Reports allows dumping database username and passwords unauthenticated. The patch / workaround just appears to obfuscate the issue but not actually address it. Affected systems include versions 9iAS, 9iDS, 10G DS and AS, and 10G AS...
Oracle Forms and Reports 11.1 - Arbitrary Code Execution
!/usr/bin/env ruby Exploit Title: Oracle Reports 11.1 About: Automated exploit for CVE-2012-3153/CVE-2012-3152 Google Dork: inurl:/reports/rwservlet/ Date: 01/28/2014 Exploit Author: Mekanismen Credits to: @misssudo for initial disclosure Reference: http://netinfiltration.com/ Vendor Homepage:...
Oracle Forms And Reports Database Disclosure
PARSEQUERY http://docs.oracle.com/cd/E1676401/bi.1111/b32121/pbrcla007.htmi640592 Description Use PARSEQUERY to parse an rwservlet query and display the constructed Reports Server command line. Syntax http://yourwebserver/reports/rwservlet/parsequery?server=servername&authid=username/password...
Design/Logic Flaw
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Report Server Component. NOTE: the previous information is from the Octob...
CVE-2012-3153
CVE-2012-3153 affects Oracle Fusion Middleware’s Oracle Reports Developer (11.1.1.4/11.1.1.6/11.1.2.0). It involves an unspecified vulnerability in the Reports Servlet that can compromise confidentiality and integrity via unknown vectors related to the Report Server component; the vulnerability m...
CVE-2012-3152
CVE-2012-3152/3153 affect Oracle Fusion Middleware’s Oracle Reports Developer component (11.1.1.4, 11.1.1.6, 11.1.2.0). An unspecified vulnerability in the Report Server/Servlet can allow remote attackers to affect confidentiality and integrity; one note indicates possible file read/upload of a ....