39 matches found
Exploit for CVE-2012-3152
Oracle Reports rwservlet Scanner ⚠️ For authorized use on...
EUVD-2005-2983
Malware in sbrugna...
EUVD-2005-2379
Malware in sbrugna...
EUVD-2005-2380
Malware in sbrugna...
EUVD-2007-0277
Malware in sbrugna...
Oracle Reports Servlet Arbitrary File Read
An unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 can allow a remote attacker to use this vulnerability to read or write arbitrary files on the system, ultimately leading to remote code execution. No source data...
CVE-2020-2533
Vulnerability in the Oracle Reports Developer product of Oracle Fusion Middleware component: Security and Authentication. Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
Oracle Reports Developer Component Cross-site Scripting (CVE-2019-2413)
A cross-site scripting vulnerability exists in Oracle Reports component. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...
Oracle Reports Developer Component 12.2.1.3 - Cross-site Scripting
Exploit Title: Cross-site Scripting XSS Date: 2019-01-15 Exploit Author: Mohamed M.Fouad - From SecureMisr Company Vendor Homepage: https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html Version: 12.2.1.3 REQUIRED Tested on: Windows 10 CVE : CVE-2019-2413 POC:...
Oracle Reports Developer 12.2.1.3 Cross Site Scripting
Exploit Title: Cross-site Scripting XSS Date: 2019-01-15 Exploit Author: Mohamed M.Fouad - From SecureMisr Company Vendor Homepage: https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html Version: 12.2.1.3 REQUIRED Tested on: Windows 10 CVE : CVE-2019-2413 POC:...
Acunetix Web Vulnerability Scanner Version 9 - Web Application Security Testing Tool
Acunetix W eb V ulnerability S canner WVS is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive...
Oracle Reports Servlet Parsequery Function Remote Database Credentials Exposure
Nessus was able to exploit a flaw in the Oracle Reports servlet parsequery function, and was able to retrieve the plaintext database credentials for one or more users. A remote attacker can exploit this vulnerability to gain unauthorized database access. %NASLMINLEVEL 70300 C Tenable Network...
Oracle Reports Servlet Detection
Binary data oraclereportsdetect.nbin...
Oracle Forms / Reports Remote Code Execution Exploit
This Metasploit module uses two vulnerabilities in Oracle forms and reports to get remote code execution on the host. The showenv url can be used to disclose information about a server. A second vulnerability that allows arbitrary reading and writing to the host filesystem can then be used to wri...
Oracle Fusion Middleware Remote File Inclusion
A remote file inclusion vulnerability has been reported in the Oracle Reports component of Oracle Fusion Middleware. The vulnerability is due to incorrect website configuration that could allow a remote attacker to execute unauthenticated network attacks over HTTP...
Oracle Fusion Middleware Showmap Servlet Information Disclosure (CVE-2012-3152; CVE-2012-3153)
An information disclosure vulnerability has been reported in the Oracle Reports component of Oracle Fusion Middleware. The vulnerability is due to incorrect website configuration that could allow a remote attacker to execute unauthenticated network attacks over HTTP...
oracle--isa-xss.txt
============================================= INTERNET SECURITY AUDITORS ALERT 2007-001 - Original release date: January 17, 2007 - Last revised: January 17, 2007 - Discovered by: Vicente Aguilera Diaz - Severity: 3/5 ============================================= I. VULNERABILITY...
Cross site scripting
Cross-site scripting XSS vulnerability in Oracle Reports Web Cartridge RWCGI60 in the Workflow Cartridge component, as used in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 10.1.2; and Oracle E-Business Suite and...
CVE-2007-0275
CVE-2007-0275 is a documented cross-site scripting (XSS) vulnerability in the Oracle Reports Web Cartridge (RWCGI60) within the Workflow Cartridge component. The issue allows remote authenticated users to inject arbitrary HTML or web script by supplying a crafted value to the genuser parameter of...
Update Protection against Oracle Reports Arbitrary File Reading Vulnerability
Oracle Reports is an enterprise reporting tool that extracts data from multiple sources and inserts it into a formatted report. Oracle Reports fails to validate URI parameters, possibly allowing a remote attacker to read arbitrary files on the Reports Server...