Lucene search
+L

11 matches found

RedhatCVE
RedhatCVE
added 2025/02/06 1:13 a.m.20 views

CVE-2022-21587

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite component: Upload. Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web...

9.8CVSS7.7AI score0.98342EPSS
Exploits7References1
The Hacker News
The Hacker News
added 2024/11/08 2:2 p.m.100 views

AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services

The threat actors behind the AndroxGh0st malware are now exploiting a broader set of security flaws impacting various internet-facing applications, while also deploying the Mozi botnet malware. "This botnet utilizes remote code execution and credential-stealing methods to maintain persistent...

10CVSS10AI score0.99999EPSS
Exploits368
0day.today
0day.today
added 2023/03/02 12:0 a.m.791 views

Oracle E-Business Suite (EBS) Unauthenticated Arbitrary File Upload Exploit

This Metasploit module exploits an unauthenticated arbitrary file upload vulnerability in Oracle Web Applications Desktop Integrator, as shipped with Oracle EBS versions 12.2.3 through to 12.2.11, in order to gain remote code execution as the oracle user. This module requires Metasploit:...

9.8CVSS0.1AI score0.98342EPSS
Exploits7
Metasploit
Metasploit
added 2023/03/01 7:50 p.m.314 views

Oracle E-Business Suite (EBS) Unauthenticated Arbitrary File Upload

This module exploits an unauthenticated arbitrary file upload vulnerability in Oracle Web Applications Desktop Integrator, as shipped with Oracle EBS versions 12.2.3 through to 12.2.11, in order to gain remote code execution as the oracle user. Module Options msf use...

9.8CVSS9.8AI score0.98342EPSS
Exploits7
Packet Storm
Packet Storm
added 2023/03/01 12:0 a.m.431 views

Oracle E-Business Suite (EBS) Unauthenticated Arbitrary File Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/zip' class MetasploitModule 'Oracle E-Business Suite EBS Unauthenticated Arbitrary File Upload', 'Description' = %q This module exploits an unauthenticated...

9.8CVSS0.2AI score0.98342EPSS
Exploits7
Rapid7 Blog
Rapid7 Blog
added 2023/02/07 5:27 p.m.127 views

CVE-2022-21587: Rapid7 Observed Exploitation of Oracle E-Business Suite Vulnerability

Emergent threats evolve quickly, and as we learn more about this vulnerability, this blog post will evolve, too. Rapid7 is responding to various compromises arising from the exploitation of CVE-2022-21587, a critical arbitrary file upload vulnerability rated 9.8 on the CVSS v3 risk metric impacti...

0.1AI score0.98342EPSS
Exploits7
GithubExploit
GithubExploit
added 2023/02/06 4:18 a.m.504 views

Exploit for Missing Authentication for Critical Function in Oracle E-Business_Suite

CVE-2022-21587-POC- CVE-2022-21587 POC file exploit.py w...

9.8CVSS9.7AI score0.98342EPSS
Exploits7
The Hacker News
The Hacker News
added 2023/02/03 5:23 a.m.137 views

CISA Alert: Oracle E-Business Suite and SugarCRM Vulnerabilities Under Attack

The U.S. Cybersecurity and Infrastructure Security Agency CISA on February 2 added two security flaws to its Known Exploited Vulnerabilities KEV Catalog, citing evidence of active exploitation. The first of the two vulnerabilities is CVE-2022-21587 CVSS score: 9.8, a critical issue impacting...

9.8CVSS2.3AI score0.98342EPSS
Exploits16
Tenable Nessus
Tenable Nessus
added 2022/10/20 12:0 a.m.58 views

Oracle E-Business Suite (Oct 2022 CPU)

The versions of Oracle E-Business Suite installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2022 CPU advisory. - Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite component: Upload. Supported versions...

9.8CVSS7AI score0.98342EPSS
Exploits8References6
Circl
Circl
added 2022/10/19 12:14 a.m.33 views

CVE-2022-21587

creationtimestamp| type| source ---|---|--- 2022-10-19 00:14:28+00:00| seen| https://t.me/cibsecurity/51702 2023-01-20 12:18:57+00:00| published-proof-of-concept| https://t.me/cKure/10620 2023-02-03 06:39:42+00:00| exploited| https://t.me/thehackernews/3014 2023-02-10 09:31:44+00:00| exploited|...

9.8CVSS7.6AI score0.98342EPSS
In wildExploits7References15
CVE
CVE
added 2022/10/18 12:0 a.m.795 views

CVE-2022-21587

CVE-2022-21587 : An unauthenticated remote code execution in Oracle Web Applications Desktop Integrator (Upload) affects Oracle E-Business Suite 12.2.3–12.2.11. The vulnerability permits network-access via HTTP to compromise the Web Apps Desktop Integrator and can lead to full takeover, with CVSS...

9.8CVSS9.4AI score0.98342EPSS
In wildExploits7References3Affected Software1
Rows per page
Query Builder