Description
netinfiltration reported various high severity vulnerabilities (and exploits) affecting Oracle Reports. These vulnerabilities allow an attacker to dump the database passwords, view folder contents, download files, load a phishing page in the browser and even gain a remote shell.
Remediation
Currently, Oracle didn't provided any fix for these vulnerabilities.
References
Related Vulnerabilities
Drupal Core 9.4.x Remote Code Execution (9.4.0 - 9.4.2)
WordPress Plugin WP E-Signature Remote Code Execution (1.5.6.5)
WordPress Plugin Image Gallery with Slideshow 'upload-file.php' Arbitrary File Upload (1.5)
Server-side JavaScript injection
WordPress Improper Input Validation Vulnerability (CVE-2013-2204)