7 matches found
Oracle Endeca Server createDataStore Remote Command Execution - Ver2 (CVE-2013-3763)
A command execution vulnerability exists in Oracle Endeca Server. The vulnerability is due to the controlSoapBinding web service exposing the createDataStore method which contains a flaw that allows for the injection of arbitrary commands. A remote, unauthenticated attacker could exploit this...
Oracle Endeca Server Remote Command Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
Oracle Endeca Server createDataStore Remote Command Execution (CVE-2013-3763)
A command execution vulnerability exists in Oracle Endeca Server. The vulnerability is due to the controlSoapBinding web service exposing the createDataStore method which contains a flaw that allows for the injection of arbitrary commands. A remote, unauthenticated attacker could exploit this...
CVE-2013-3763
creationtimestamp| type| source ---|---|--- 2013-08-26 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/27877 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/oracleendecaexec.rb 2025-02-06 03:13:41+00:00| seen...
Oracle Endeca Server - Remote Command Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Oracle Endeca Server Remote Command...
Oracle Endeca Server Remote Command Execution
This module exploits a command injection vulnerability on the Oracle Endeca Server 7.4.0. The vulnerability exists on the createDataStore method from the controlSoapBinding web service. The vulnerable method only exists on the 7.4.0 branch and isn't available on the 7.5.5.1 branch. In addition, t...
CVE-2013-3763
The CVE-2013-3763 vector is a command-injection vulnerability in Oracle Endeca Server (Oracle Fusion Middleware) affecting 7.4.0 and 7.5.1.1 via the controlSoapBinding createDataStore method. Connected advisories (CPAIs) describe remote command execution with a flaw that can be exploited by sendi...