what you don't know can hurt you
Showing 1 - 14 of 14 RSS Feed

Files

Oracle Business Intelligence Directory Traversal
Posted Apr 19, 2019
Authored by Vahagn Vardanyan

Oracle Business Intelligence versions 11.1.1.9.0, 12.2.1.3.0, and 12.2.1.4.0 suffer from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2019-2588
MD5 | 9609e14be7ddc622ccd6ff1ad192dbe1

Related Files

Oracle Business Intelligence And XML Publisher XML Injection
Posted Apr 19, 2019
Authored by Vahagn Vardanyan

Oracle Business Intelligence and XML Publisher versions 11.1.1.9.0, 12.2.1.3.0, and 12.2.1.4.0 suffer from an XML external entity injection vulnerability.

tags | exploit
advisories | CVE-2019-2616
MD5 | bc009d1748496f3eab0aaea024fbd529
Oracle Business Intelligence Mobile HD 11.x Script Insertion
Posted May 7, 2015
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Oracle Business Intelligence Mobile HD version 11.x suffers from a persistent script insertion vulnerability.

tags | exploit
MD5 | bdf5abffa3537b1b230d1e413e84646e
OracleBI Discoverer 10.1.2.48.18 Cross Site Scripting
Posted Dec 12, 2012
Authored by Ur0b0r0x

OracleBI Discoverer version 10.1.2.48.18 suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.

tags | exploit, xss
MD5 | fb72631ace17b25cfc8b66731814889a
Secunia Security Advisory 51151
Posted Oct 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - ERPScan has reported a vulnerability in Oracle Business Intelligence, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
MD5 | 8ef8419843d89579fce5deba7e8135b4
Secunia Security Advisory 50642
Posted Sep 18, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Oracle Business Transaction Management, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
MD5 | 57d45f6891cd7e3b050bc8927def0a6d
Oracle BTM FlashTunnelService Remote Code Execution
Posted Sep 15, 2012
Authored by rgod, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module exploits abuses the FlashTunnelService SOAP web service on Oracle Business Transaction Management 12.1.0.7 to upload arbitrary files, without authentication, using the WriteToFile method. The same method contains a directory traversal vulnerability, which allows to upload the files to arbitrary locations. In order to execute remote code two techniques are provided. If the Oracle app has been deployed in the same WebLogic Samples Domain a JSP can be uploaded to the web root. If a new Domain has been used to deploy the Oracle application, the Windows Management Instrumentation service can be used to execute arbitrary code. Both techniques has been successfully tested on default installs of Oracle BTM 12.1.0.7, Weblogic 12.1.1 and Windows 2003 SP2. Default path traversal depths are provided, but the user can configure the traversal depth using the DEPTH option.

tags | exploit, remote, web, arbitrary, root
systems | windows
advisories | OSVDB-85087
MD5 | d44ccc8262b6ee1b99a8b92df7a65c36
Oracle BTM 12.1.0.2.7 Remote File Deletion
Posted Aug 7, 2012
Authored by rgod | Site retrogod.altervista.org

Oracle Business Transaction Management Server version 12.1.0.2.7 suffers from a FlashTunnelService remote file deletion vulnerability.

tags | exploit, remote
MD5 | 896c6723e4d3eb5be9d4fa7c77601292
Oracle BTM Server 12.1.0.2.7 Remote Code Execution
Posted Aug 7, 2012
Authored by rgod | Site retrogod.altervista.org

Oracle Business Transaction Management Server version 12.1.0.2.7 suffers from a remote code execution vulnerability in the FlashTunnelService WriteToFile message. Proof of concept included.

tags | exploit, remote, code execution, proof of concept
MD5 | 942dde996f9deaa3c951dcebc0fb416f
Secunia Security Advisory 46517
Posted Oct 19, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Oracle Business Intelligence, which can be exploited by malicious users to disclose potentially sensitive information and manipulate certain data.

tags | advisory
MD5 | 837e2ca20547e7ef417a5ae5f5010810
Secunia Security Advisory 40183
Posted Jul 21, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Abdul-Aziz Hariri has discovered a vulnerability in Oracle Business Intelligence, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
MD5 | 41c3de6ef9138e96f2d0270aba722f47
ORACLE BPM Process Administrator Cross Site Scripting
Posted Jul 16, 2010
Authored by Markot | Site corelan.be

Oracle Business Process Management suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 3aa7ad596fa192dcd6d162c62981e9f5
Secunia Security Advisory 40605
Posted Jul 15, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Oracle Business Process Management, which can be exploited by malicious people to manipulate certain data.

tags | advisory
MD5 | 5ef0f285ccd9ce7682f6f8aaccf0430f
Secunia Security Advisory 37099
Posted Oct 21, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in Oracle Application Server and Oracle Business Intelligence Enterprise Edition, which can be exploited to manipulate certain data or disclose sensitive information.

tags | advisory, vulnerability
MD5 | 0cb5b0ee37aa4e51e7286b7eb4cf69f3
oracle-multi.txt
Posted Jul 25, 2007
Authored by Stephen Kost, Jack Kanter | Site integrigy.com

Multiple security vulnerabilities have been corrected in the Oracle Business Suite 11i and R12 as part of July 2007 Oracle Critical Patch Update (CPU). These include SQL injection and cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss, sql injection
advisories | CVE-2007-3865, CVE-2007-3866, CVE-2007-3867
MD5 | cfd22abaee53757319f1db989c571c46
Page 1 of 1
Back1Next

File Archive:

September 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    38 Files
  • 3
    Sep 3rd
    30 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    12 Files
  • 6
    Sep 6th
    17 Files
  • 7
    Sep 7th
    3 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    24 Files
  • 10
    Sep 10th
    22 Files
  • 11
    Sep 11th
    22 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    5 Files
  • 14
    Sep 14th
    2 Files
  • 15
    Sep 15th
    1 Files
  • 16
    Sep 16th
    11 Files
  • 17
    Sep 17th
    16 Files
  • 18
    Sep 18th
    8 Files
  • 19
    Sep 19th
    14 Files
  • 20
    Sep 20th
    17 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close