Description
netinfiltration reported various high-severity vulnerabilities (and exploits) affecting Oracle Reports. These vulnerabilities allow an attacker to dump the database passwords, view folder contents, download files, load a phishing page in the browser, and even gain a remote shell.
Remediation
Oracle has not currently provided any fix for these vulnerabilities.