Message-ID: <5310AAD5.4000404@portcullis-security.com>
Date: Fri, 28 Feb 2014 15:27:17 +0000
From: Portcullis Advisories <advisories@...tcullis-security.com>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk, 
 vuln@...unia.com, moderators@...db.org
Subject: Re: CVE-2014-5877 - Local File Inclusion in
	Oracle Demantra

Apologies, the CVE-ID for this advisory is actually CVE-2013-5877.

On 28/02/14 15:16, Portcullis Advisories wrote:
> Vulnerability title: Local File Inclusion in Oracle Demantra
> CVE: CVE-2014-5877
> Vendor: Oracle
> Product: Demantra
> Affected version: 12.2.1
> Fixed version: 10.1.1.2
> Reported by: Oliver Gruskovnjak
>
> Details:
>
> A Local File Include (LFI) vulnerability has been discovered in Oracle
> Demantra. The vulnerability occurs when a file from the target system
> is injected into a page on the attacked server page.
>         
> The vulnerable page is:
> * /demantra/GraphServlet
>
>
> Further details at:
> https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-5877/
>
>
> Copyright:
> Copyright (c) Portcullis Computer Security Limited 2014, All rights
> reserved worldwide. Permission is hereby granted for the electronic
> redistribution of this information. It is not to be edited or altered
> in any way without the express written consent of Portcullis Computer
> Security Limited.
>
> Disclaimer:
> The information herein contained may change without notice. Use of
> this information constitutes acceptance for use in an AS IS condition.
> There are NO warranties, implied or otherwise, with regard to this
> information or its use. Any use of this information is at the user's
> risk. In no event shall the author/distributor (Portcullis Computer
> Security Limited) be held liable for any damages whatsoever arising
> out of or in connection with the use or spread of this information. 

