Description

netinfiltration reported various high severity vulnerabilities (and exploits) affecting Oracle Reports. These vulnerabilities allow an attacker to dump the database passwords, view folder contents, download files, load a phishing page in the browser and even gain a remote shell.

Remediation

Currently, Oracle didn't provided any fix for these vulnerabilities.

References

CVE-2012-3152

CVE-2012-3153

Related Vulnerabilities

Citrix ADC/Gateway Unauthenticated Remote Code Execution

Roundcube Improper Input Validation Vulnerability (CVE-2011-1491)

Ruby on Rails Improper Input Validation Vulnerability (CVE-2014-0082)

TYPO3 Improper Input Validation Vulnerability (CVE-2012-1608)

WordPress Plugin Category Grid View Gallery TimThumb Arbitrary File Upload (0.1.1)

Severity

High

Classification

CVE-2012-3152 CVE-2012-3153 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Code Execution Directory Listing Acumonitor