Description
netinfiltration reported various high-severity vulnerabilities (and exploits) affecting Oracle Reports. These vulnerabilities allow an attacker to dump the database passwords, view folder contents, download files, load a phishing page in the browser, and even gain a remote shell.
Remediation
Currently, Oracle has not provided any fix for these vulnerabilities.