27 matches found
Oracle E-Business Suite CVE-2025-61882 RCE
This module exploits CVE-2025-61882 in Oracle E-Business Suite by combining SSRF, Path Traversal, HTTP request smuggling and XSLT injection. The exploit hosts a malicious XSL file that the target will fetch and process, leading to RCE. This module provides an interactive shell session. Vulnerable...
Exploit for Missing Authentication for Critical Function in Oracle Marketing
✨ CVE-2025-62481 — Oracle Marketing Administration EBS Cri...
Exploit for Improper Authentication in Oracle Concurrent_Processing
CVE-2025-61882 Scan/Exploit ⚠️ Legal Disclaimer Legal...
CVE-2025-61753
Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: Miscellaneous). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Scripting. Successful...
Five New Exploited Bugs Land in CISA's Catalog — Oracle and Microsoft Among Targets
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws to its Known Exploited Vulnerabilities (KEV) Catalog, officially confirming a recently disclosed vulnerability impacting Oracle E-Business Suite (EBS) has been weaponized in real-world attacks. The...
⚡ Weekly Recap: WhatsApp Worm, Critical CVEs, Oracle 0-Day, Ransomware Cartel & More
Every week, the cyber world reminds us that silence doesn't mean safety. Attacks often begin quietly — one unpatched flaw, one overlooked credential, one backup left unencrypted. By the time alarms sound, the damage is done. This week's edition looks at how attackers are changing the game — linki...
CVE-2025-30731
Vulnerability in the Oracle Applications Technology Stack product of Oracle E-Business Suite (component: Configuration). Supported versions that are affected are 12.2.3-12.2.14. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle...
Oracle E-Business Suite (EBS) Unauthenticated Arbitrary File Upload
This module exploits an unauthenticated arbitrary file upload vulnerability in Oracle Web Applications Desktop Integrator, as shipped with Oracle EBS versions 12.2.3 through to 12.2.11, in order to gain remote code execution as the oracle user. Module Options msf use...
CVE-2023-21825
CVE-2023-21825 affects Oracle E-Business Suite’s Oracle iSupplier Portal (Supplier Management). Versions 12.2.6–12.2.8 are affected. An unauthenticated, network-accessible attacker can exploit via HTTP to obtain unauthorized read access to a subset of data. The issue is described as easily exploi...
U.S. Dept Of Defense: Local File Read vulnerability on ██████████ [HtUS]
Kindly check screenshot ███████: In case if scope question. Because I picked this site from DOD website list under 'dod sites'. Let's move on to the bug now: Summary: Local File Include vulnerability on ███. Oracle Ebs Bispgrapgh is prone to a directory traversal vulnerability that can be exploit...
CVE-2022-21500
CVE-2022-21500 affects Oracle E-Business Suite, specifically the Manage Proxies component, with the vulnerable line item in 12.2 (12.1 is not impacted). The issue enables an attacker to access or potentially take over data in the Oracle E-Business Suite via HTTP over the network, with CVSSv3.1 ba...
CVE-2021-2406
CVE-2021-2406 affects Oracle E-Business Suite’s Oracle Collaborative Planning product, User Interface component. Affected versions are 12.1.1–12.1.3. The vulnerability allows a low-privileged attacker with network access via HTTP to compromise Oracle Collaborative Planning, potentially enabling u...
CVE-2021-2398
The CVE-2021-2398 entry covers a vulnerability in Oracle E-Business Suite’s Oracle Advanced Outbound Telephony (Region Mapping) affecting versions 12.1.1–12.1.3 and 12.2.3–12.2.10. The issue allows a low-privilege, unauthenticated attacker with network access via HTTP to compromise data within Or...
CVE-2021-2259
CVE-2021-2259 affects Oracle E-Business Suite Payables (India Localization, Results). Affected versions are 12.1.1–12.1.3 and 12.2.3–12.2.10. An attacker with network access via HTTP and low privileges can compromise Oracle Payables, with potential unauthorized creation/deletion/modification of d...
CVE-2021-2189
CVE-2021-2189 affects Oracle E-Business Suite Sales Offline, Template component, with affected versions 12.1.1–12.1.3 and 12.2.3–12.2.10. An unauthenticated, network-accessible attacker over HTTP can trigger a hang or crash in Oracle Sales Offline (DoS). The vulnerability is documented across mul...
CVE-2020-14822
CVE-2020-14822 affects Oracle E-Business Suite Installed Base APIs. Affected are Oracle E-Business Suite versions 12.1.1–12.1.3 and 12.2.3–12.2.10. The vulnerability is exploitable over HTTP by an unauthenticated, network-reachable attacker and, per the entry, requires user interaction, with pote...
CVE-2019-2653
CVE-2019-2653 is a vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (Print Server). Affected versions include 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, and 12.2.8. The issue allows an unauthenticated attacker with network access via HTT...
CVE-2018-3017
CVE-2018-3017 affects the Oracle E-Business Suite, specifically the CRM Technical Foundation component (subcomponent: Preferences). Affected versions: 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, and 12.2.7. The vulnerability allows an unauthenticated attacker with network access via H...
Micro Focus NetIQ Identity Manager Oracle EBS Driver Information Disclosure Vulnerability
Micro Focus NetIQ Identity Manager is a suite of identity management solutions from Micro Focus UK. The solution provides the foundation for account provisioning, user self-service, authorization and Web services, and supports data sharing and synchronization. Oracle EBS driver is one of the EBS...
Design/Logic Flaw
The NetIQ Identity Manager Oracle EBS driver before 4.0.2.0 sent EBS logs containing the driver authentication password, potentially disclosing this to attackers able to read the EBS tables...