WEB APPLICATION VULNERABILITIES Standard & Premium

Oracle Reports rwservlet vulnerabilities

Description

netinfiltration reported various high severity vulnerabilities (and exploits) affecting Oracle Reports. These vulnerabilities allow an attacker to dump the database passwords, view folder contents, download files, load a phishing page in the browser and even gain a remote shell.

Remediation

Currently, Oracle didn't provided any fix for these vulnerabilities.

References

Related Vulnerabilities

WordPress Plugin Advanced Access Manager Arbitrary Code Execution (2.8.2)

SugarCRM Improper Input Validation Vulnerability (CVE-2011-0745)

vBulletin 5.x 0day pre-auth RCE

TYPO3 Improper Input Validation Vulnerability (CVE-2020-15099)

WordPress Plugin WP-Live Chat by 3CX Remote Code Execution (7.0.01)

Severity

High

Classification

CVE-2012-3152 CVE-2012-3153 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Code Execution Directory Listing Acumonitor