11 matches found
CVE-2022-21587
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite component: Upload. Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web...
AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services
The threat actors behind the AndroxGh0st malware are now exploiting a broader set of security flaws impacting various internet-facing applications, while also deploying the Mozi botnet malware. "This botnet utilizes remote code execution and credential-stealing methods to maintain persistent...
Oracle E-Business Suite (EBS) Unauthenticated Arbitrary File Upload Exploit
This Metasploit module exploits an unauthenticated arbitrary file upload vulnerability in Oracle Web Applications Desktop Integrator, as shipped with Oracle EBS versions 12.2.3 through to 12.2.11, in order to gain remote code execution as the oracle user. This module requires Metasploit:...
Oracle E-Business Suite (EBS) Unauthenticated Arbitrary File Upload
This module exploits an unauthenticated arbitrary file upload vulnerability in Oracle Web Applications Desktop Integrator, as shipped with Oracle EBS versions 12.2.3 through to 12.2.11, in order to gain remote code execution as the oracle user. Module Options msf use...
Oracle E-Business Suite (EBS) Unauthenticated Arbitrary File Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/zip' class MetasploitModule 'Oracle E-Business Suite EBS Unauthenticated Arbitrary File Upload', 'Description' = %q This module exploits an unauthenticated...
CVE-2022-21587: Rapid7 Observed Exploitation of Oracle E-Business Suite Vulnerability
Emergent threats evolve quickly, and as we learn more about this vulnerability, this blog post will evolve, too. Rapid7 is responding to various compromises arising from the exploitation of CVE-2022-21587, a critical arbitrary file upload vulnerability rated 9.8 on the CVSS v3 risk metric impacti...
Exploit for Missing Authentication for Critical Function in Oracle E-Business_Suite
CVE-2022-21587-POC- CVE-2022-21587 POC file exploit.py w...
CISA Alert: Oracle E-Business Suite and SugarCRM Vulnerabilities Under Attack
The U.S. Cybersecurity and Infrastructure Security Agency CISA on February 2 added two security flaws to its Known Exploited Vulnerabilities KEV Catalog, citing evidence of active exploitation. The first of the two vulnerabilities is CVE-2022-21587 CVSS score: 9.8, a critical issue impacting...
Oracle E-Business Suite (Oct 2022 CPU)
The versions of Oracle E-Business Suite installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2022 CPU advisory. - Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite component: Upload. Supported versions...
CVE-2022-21587
creationtimestamp| type| source ---|---|--- 2022-10-19 00:14:28+00:00| seen| https://t.me/cibsecurity/51702 2023-01-20 12:18:57+00:00| published-proof-of-concept| https://t.me/cKure/10620 2023-02-03 06:39:42+00:00| exploited| https://t.me/thehackernews/3014 2023-02-10 09:31:44+00:00| exploited|...
CVE-2022-21587
CVE-2022-21587 : An unauthenticated remote code execution in Oracle Web Applications Desktop Integrator (Upload) affects Oracle E-Business Suite 12.2.3–12.2.11. The vulnerability permits network-access via HTTP to compromise the Web Apps Desktop Integrator and can lead to full takeover, with CVSS...