• netinfiltration reported various high severity vulnerabilities (and exploits) affecting Oracle Reports. These vulnerabilities allow an attacker to dump the database passwords, view folder contents, download files, load a phishing page in the browser and even gain a remote shell.

• Currently, Oracle didn't provided any fix for these vulnerabilities.

• • CVE-2012-3152
  • CVE-2012-3153

• 

• CVE-2012-3152

  CVE-2012-3153

• CWE-20

• Code Execution

• WordPress Plugin WP-Syntax Remote PHP Code Execution (0.9.9)
• WordPress Plugin Lightbox Jquery Possible Remote Code Execution (0.24)
• vBulletin PHP object injection vulnerability
• OpenX arbitrary file upload
• Ruby on Rails weak/known secret token