CVE-2013-3763

Oracle Endeca Server - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-3763. PoCs published by Metasploit, including Metasploit module exploits/windows/http/oracle_endeca_exec.

AI-analyzed exploit summary: This Metasploit module exploits a command injection vulnerability in Oracle Endeca Server 7.4.0 via the createDataStore method in the controlSoapBinding web service. It uses PowerShell to execute a payload, targeting Windows systems.

Description

Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 7.4.0 and 7.5.1.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2013-3764.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/27877

This Metasploit module exploits a command injection vulnerability in Oracle Endeca Server 7.4.0 via the createDataStore method in the controlSoapBinding web service. It uses PowerShell to execute a payload, targeting Windows systems.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Oracle Endeca Server 7.4.0
No auth needed
Prerequisites: Network access to the target server · SOAP service exposed on port 7770
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC EXCELLENT
ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/oracle_endeca_exec.rb

This Metasploit module exploits a command injection vulnerability in Oracle Endeca Server 7.4.0 via the createDataStore method in the controlSoapBinding web service. It uses SOAP requests to inject and execute PowerShell commands, achieving remote code execution on Windows systems.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Oracle Endeca Server 7.4.0
No auth needed
Prerequisites: Network access to the Oracle Endeca Server control web service (port 7770 by default) · Target running Oracle Endeca Server 7.4.0 on Windows
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-13-190/
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1028801

Scores

EPSS 0.7218
EPSS Percentile 98.8%

Details

Status published
Products (2)
oracle/fusion_middleware 7.4.0
oracle/fusion_middleware 7.5.1.1
Published Jul 17, 2013
Tracked Since Feb 18, 2026