Design/Logic Flaw
A data modification vulnerability exists in Jenkins Agiletestware Pangolin Connector for TestRail Plugin 2.1 and earlier in GlobalConfig.java that allows attackers with Overall/Read permission to override this plugin's configuration by sending crafted HTTP requests to an unprotected endpoint...
CVE-2018-1999037
CVE-2018-1999037 affects Jenkins Resource Disposer Plugin up to version 0.11. The vulnerability is in AsyncResourceDisposer.java and allows an attacker to stop tracking a resource (data modification). Related advisories confirm an additional CSRF weakness in the API endpoint prior to version 0.12...
CVE-2017-3531
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Servlet Runtime. Supported versions that are affected are 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to...
Unspecified Vulnerability in Oracle E-Business Suite (CNVD-2016-09916)
Oracle E-Business Suite is a set of fully integrated global business management software from Oracle. The software provides customer relationship management, service management, financial management and other functions. A security vulnerability exists in the Oracle...
Cisco IP Communicator Certificate Trust List Manipulation
The version of Cisco IP Communicator is 8.61. Such versions are potentially affected by a data modification vulnerability. By performing a Man-in-the-Middle attack, a remote, unauthenticated attacker could replace the original Certificate Trust List with a modified one. © Tenable Network Security...