Apologies, the CVE-ID for this advisory is actually CVE-2013-5877 On 28/02/14 15:16, Portcullis Advisories wrote: > Vulnerability title: Local File Inclusion in Oracle Demantra > CVE: CVE-2014-5877 > Vendor: Oracle > Product: Demantra > Affected version: 12.2.1 > Fixed version: 10.1.1.2 > Reported by: Oliver Gruskovnjak > > Details: > > A Local File Include (LFI) vulnerability has been discovered in Oracle > Demantra. The vulnerability occurs when a file from the target system > is injected into a page on the attacked server page. > > The vulnerable page is: > * /demantra/GraphServlet > > > Further details at: > https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-5877/ > > > Copyright: > Copyright (c) Portcullis Computer Security Limited 2014, All rights > reserved worldwide. Permission is hereby granted for the electronic > redistribution of this information. It is not to be edited or altered > in any way without the express written consent of Portcullis Computer > Security Limited. > > Disclaimer: > The information herein contained may change without notice. Use of > this information constitutes acceptance for use in an AS IS condition. > There are NO warranties, implied or otherwise, with regard to this > information or its use. Any use of this information is at the user's > risk. In no event shall the author/distributor (Portcullis Computer > Security Limited) be held liable for any damages whatsoever arising > out of or in connection with the use or spread of this information.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
