10443 matches found

CNVD
added 2017/02/10 12:0 a.m., 1 views

Multiple SQL Injection Vulnerabilities in Trend Micro Control Manager (CNVD-2017-01598)

Trend Micro Control Manager (TMCM) is an integrated threat detection and data protection management center software from Trend Micro. Trend Micro Control Manager suffers from multiple SQL injection vulnerabilities that stem from a failure to adequately validate SQL queries before using user input. ...

8 AI score
Exploits: 0, References: 1

CNVD
added 2017/02/10 12:0 a.m., 2 views

Multiple SQL Injection Vulnerabilities in Ecava IntegraXor

Ecava IntegraXor is a set of Web-based tools for creating and running HMI interfaces for SCADA systems. Ecava IntegraXor suffers from multiple SQL injection vulnerabilities that stem from a failure to properly validate a SQL query before using user input. An attacker could use this vulnerability ...

9.8 CVSS, 8 AI score, 0.00281 EPSS
Exploits: 0, References: 1

CNVD
added 2017/02/10 12:0 a.m., 1 views

SageCRM SQL Injection Vulnerability

SageCRM is a customer relationship management (CRM) system. SageCRM suffers from a SQL injection vulnerability, which is exploited by attackers to access or modify data or exploit potential vulnerabilities in the underlying database because the program fails to adequately filter user-supplied input...

10 CVSS, 8 AI score, 0.04033 EPSS
Exploits: 0, References: 1

BDU FSTEC
added 2017/02/09 12:0 a.m., 2 views

The vulnerability of the Java Mission Control component of the Java Platform allows a perpetrator to modify data.

The vulnerability of the Java Mission Control component of the Java Platform is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to modify, add, or delete data using network packets...

4.3 CVSS, 5.8 AI score, 0.00558 EPSS
Exploits: 2, References: 3

BDU FSTEC
added 2017/02/09 12:0 a.m., 4 views

The vulnerability of the Oracle VM VirtualBox virtual machine allows a hacker to gain access to data reading, modify data, or cause a partial service failure.

The vulnerability of the GUI component of the Oracle VM VirtualBox lies in security configuration errors. Exploiting this vulnerability allows a malicious actor to gain read access to data, modify, add, or delete data, or cause partial service failure through HTTP requests...

6.8 CVSS, 6.9 AI score, 0.00324 EPSS
Exploits: 0, References: 3, Affected Software: 1

BDU FSTEC
added 2017/02/09 12:0 a.m., 3 views

The vulnerability of the Oracle Sun operating system, which allows a hacker to modify data

The vulnerability of the Oracle Sun operating system’s kernel is related to access control deficiencies. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain access to modify, add, or delete data using network packets...

4.3 CVSS, 5.8 AI score, 0.00447 EPSS
Exploits: 0, References: 3, Affected Software: 1

CNVD
added 2017/02/06 12:0 a.m., 2 views

EMC Documentum D2 DQL Injection Vulnerability

EMC Documentum D2 is an enterprise-class content management system from EMC. The system manages the entire information lifecycle through creation, modification, tracking and other functions, and it includes a number of extensions, such as Documentum Web Publisher Web Content Management, Documentu...

6.5 CVSS, 7.1 AI score, 0.00586 EPSS
Exploits: 0, References: 1

Prion
added 2017/02/03 7:59 a.m., 9 views

Design/Logic Flaw

EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has a DQL Injection Vulnerability that could potentially be exploited by malicious users to compromise the affected system. An authenticated low-privileged attacker could potentially exploit this vulnerability to access information,...

6.5 CVSS, 7.6 AI score, 0.00586 EPSS
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2017/02/03 7:59 a.m., 1 views

CVE-2016-9873

EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has a DQL Injection Vulnerability that could potentially be exploited by malicious users to compromise the affected system. An authenticated low-privileged attacker could potentially exploit this vulnerability to access information,...

6.3 CVSS, 6 AI score
Exploits: 0, References: 3

NVD
added 2017/02/03 7:59 a.m., 9 views

CVE-2016-9873

EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has a DQL Injection Vulnerability that could potentially be exploited by malicious users to compromise the affected system. An authenticated low-privileged attacker could potentially exploit this vulnerability to access information,...

6.5 CVSS, 6.6 AI score, 0.00586 EPSS
Exploits: 0, References: 3

OSV
added 2017/02/01 8:59 p.m., 1 views

CVE-2016-5939

IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database...

6.3 CVSS, 5.9 AI score, 0.00252 EPSS
Exploits: 0, References: 2

OpenVAS
added 2017/01/31 12:0 a.m., 25 views

Advantech WebAccess 'updateTemplate.aspx' SQL Injection and Authentication Bypass Vulnerabilities

Advantech WebAccess is prone to an SQL injection (SQLi) vulnerability and an authentication-bypass vulnerability.

9.8 CVSS, 9.6 AI score, 0.00967 EPSS
Exploits: 3, References: 4

OSV
added 2017/01/27 10:59 p.m., 1 views

CVE-2017-3443

Vulnerability in the Oracle Common Applications component of Oracle E-Business Suite subcomponent: User Interface. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network acce...

8.2 CVSS, 7.3 AI score
Exploits: 0, References: 3

OSV
added 2017/01/27 10:59 p.m., 2 views

CVE-2017-3435

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite subcomponent: User Interface. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network...

8.2 CVSS, 7.3 AI score
Exploits: 0, References: 2

OSV
added 2017/01/27 10:59 p.m., 1 views

CVE-2017-3437

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite subcomponent: User Interface. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network...

8.2 CVSS, 7.3 AI score, 0.00845 EPSS
Exploits: 0, References: 2

OSV
added 2017/01/27 10:59 p.m., 1 views

CVE-2017-3417

Vulnerability in the Oracle Universal Work Queue component of Oracle E-Business Suite subcomponent: User Interface. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network...

8.2 CVSS, 7.3 AI score
Exploits: 0, References: 2

OSV
added 2017/01/27 10:59 p.m., 2 views

CVE-2017-3430

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite subcomponent: User Interface. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network...

8.2 CVSS, 7.3 AI score, 0.00845 EPSS
Exploits: 0, References: 2

OSV
added 2017/01/27 10:59 p.m., 2 views

CVE-2017-3426

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite subcomponent: User Interface. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network...

8.2 CVSS, 7.3 AI score
Exploits: 0, References: 2

OSV
added 2017/01/27 10:59 p.m., 3 views

CVE-2017-3424

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite subcomponent: User Interface. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network...

8.2 CVSS, 7.3 AI score
Exploits: 0, References: 2

OSV
added 2017/01/27 10:59 p.m., 2 views

CVE-2017-3427

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite subcomponent: User Interface. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network...

8.2 CVSS, 7.3 AI score
Exploits: 0, References: 2