2 matches found
[ERPSCAN-15-028] Oracle E-Business Suite - XXE injection Vulnerability
ADVISORY INFORMATION Title: Oracle E-Business Suite XXE injection Advisory ID: ERPSCAN-15-028 Advisory URL: http://erpscan.com/advisories/erpscan-15-028-oracle-e-business-suite-xxe-injection-vulnerability/ Date published: 20.10.2015 Vendors contacted: Oracle 2. VULNERABILITY INFORMATION Class:...
CVE-2015-4886
Oracle E-Business Suite CVE-2015-4886 is an XXE injection vulnerability in the Report Manager component (OA_HTML/copxml) that can allow a remote attacker to read arbitrary files, cause DoS, or enable SMB relay by sending a crafted XML with a DTD. Vulnerable product/version: Oracle E-Business Suit...