infinispan: auth bypass in REST api (CVE-2017-2638)
It was found that the REST API in infinispan did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name...
Oracle PeopleSoft Enterprise SCM eBill Payment Remote Vulnerability
Oracle PeopleSoft Products is a set of enterprise human capital management solutions from Oracle, which provides human capital management, financial management, supplier relationship management, etc. PeopleSoft Enterprise SCM eBill Payment is one of its electronic billing display solutions...
SQL injection (CVE-2016-6818)
SQL injection vulnerability in SAP Business Intelligence platform before January 2017 allows remote attackers to obtain sensitive information, modify data, cause a denial of service (data deletion), or launch administrative operations or possibly OS commands via a crafted SQL query. The vendor...
CVE-2016-6818
SAP Business Intelligence platform before January 2017 is vulnerable to SQL injection via crafted SQL queries, allowing remote attackers to obtain sensitive information, modify data, cause a DoS by data deletion, or launch administrative operations and potentially OS commands. Root cause: insuffi...
CVE-2016-1178 (session fixation)
The session management of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to obtain or modify sensitive data via unspecified vectors...
CVE-2016-4896
SetsucoCMS all versions does not properly manage sessions, which allows remote attackers to disclose or alter unauthorized information via unspecified vectors...
Cisco Unified Communications Manager SQL Injection Vulnerability (CNVD-2017-04874)
Cisco Unified Communications Manager (CUCM, Unified CM) is a call-processing component of a unified communications system from Cisco. The component provides a scalable, distributable and highly available enterprise IP telephony call processing solution. Cisco Unified Communications Manager suffers...
Security Advisory - Multiple Buffer Overflow Vulnerabilities in Bastet of Huawei Smart Phone
The Bastet component of some Huawei mobile phones has three buffer overflow vulnerabilities due to the lack of parameter validation. An attacker with the root privilege of an Android system may trick a user into installing a malicious app. The app can modify specific data to cause a buffer overflow in the...
CVE-2017-2412
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "iTunes Store" component. It allows man-in-the-middle attackers to modify the client-server data stream to iTunes sandbox web services by leveraging use of cleartext HTTP...
Xoops SQL Injection Vulnerability
XOOPS (eXtensible Object Oriented Portal System) is an open source content management system based on PHP and MySQL, developed and maintained by the XOOPS team. A SQL injection vulnerability exists in Xoops' findusers.php page. Since the url parameter is not filtered for malicious characters, ...
Joomla! Coupon Plugin SQL Injection Vulnerability
Joomla! is an open source content management system (CMS). A SQL injection vulnerability exists in the Coupon plugin for Joomla!; due to poor parameter filtering, an attacker can exploit the vulnerability to access or modify database data...
MGASA-2017-0078 Updated virtualbox packages fixes security vulnerabilities
This update provides the virtualbox 5.1.18 maintenance release and resolves at least the following security issues: A vulnerability in the GUI subcomponent of virtualbox allows an unauthenticated attacker unauthorized update, insert or delete access to some data as well as unauthorized read access to a...
Joomla JobGrok Application Component 'Itemid' Parameter SQL Injection Vulnerability
Joomla is an open source content management system (CMS). A SQL injection vulnerability exists in the 'Itemid' parameter of the Joomla JobGrok Application component, which can be exploited by attackers to access or modify database data...
Joomla! OpenCart Component SQL Injection Vulnerability
Joomla! is a widely used content management system. OpenCart is a product management component for Joomla!. A SQL injection vulnerability exists in the productid parameter of the Joomla! OpenCart index.php page, which can be exploited by attackers to access ...
Moodle SQL Injection Vulnerability (CNVD-2017-04275)
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment, developed by Dr. Martin Dougiamas of Australia. Moodle suffers from a SQL injection vulnerability that originates from the program...
Multiple SQL Injection Vulnerabilities in Kinsey Infor-Lawson
Kinsey Infor-Lawson is Kinsey's effort to change the way organizations build and digest information. Kinsey Infor-Lawson suffers from multiple SQL injection vulnerabilities due to a failure to adequately validate user data before performing SQL queries. An attacker could exploit this vulnerabilit...
Joomla Vik Appointments Component SQL Injection Vulnerability
Joomla is an open source content management system (CMS). A SQL injection vulnerability exists in the 'itemopt' parameter of the Joomla Vik Appointments component, which can be exploited by attackers to access or modify database data...