CVE-2016-8310
Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications subcomponent: Core. Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows unauthenticated attacker with...
CVE-2016-8317
Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications subcomponent: Unit Trust. Supported versions that are affected are 12.0.1, 12.0.2, 12.0.4, 12.1.0 and 12.3.0. Difficult to exploit vulnerability allows low privileged attacker with network...
Unspecified Vulnerability in Oracle E-Business Suite (CNVD-2017-01022)
Oracle E-Business Suite is a set of fully integrated global business management software from the US company Oracle. The software provides customer relationship management, service management, financial management, etc. Oracle One-to-One Fulfillment is one of the...
Man-in-the-middle Remote Code Execution Vulnerability in Aliwangwang Windows Edition
Aliwangwang is a personal transaction communication software customized for Taobao, which facilitates real-time communication between buyers and sellers in the transaction process. A man-in-the-middle remote code execution vulnerability exists in Aliwangwang for Windows. Since Aliwangwang use...
EMC Isilon OneFS Native LDAP Injection Vulnerability
EMC Isilon OneFS is a distributed file system that supports the EMC Isilon horizontally scalable storage system from EMC Corporation. The system combines the three layers of a traditional storage architecture (file system, volume manager and data protection) into a single unified software layer to crea...
Oracle Siebel Remote Vulnerability
Oracle Siebel CRM is a set of customer relationship management solutions from the US company Oracle, which includes sales management, marketing management, customer service systems, call centers and other modules. Siebel UI Framework is one of the framework components based on the...
JDK: unspecified vulnerability fixed in 8u121 (Java Mission Control)
Vulnerability in the Java SE component of Oracle Java SE subcomponent: Java Mission Control. The supported version that is affected is Java SE: 8u112. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...
IBM Kenexa LMS on Cloud SQL Injection Vulnerability (CNVD-2017-00565)
IBM Kenexa LMS on Cloud is a configurable, enterprise-grade social learning management system (LMS) from IBM that integrates social networking, collaboration, and knowledge sharing capabilities. The system provides interactive features and lets users evaluate learning content and share their...
IBM Kenexa LMS on Cloud SQL Injection Vulnerability (CNVD-2017-00564)
IBM Kenexa LMS on Cloud is a configurable, enterprise-grade social learning management system (LMS) from IBM that integrates social networking, collaboration, and knowledge sharing capabilities. The system provides interactive features and lets users evaluate learning content and share their...
My Php Dating 'path' Parameter SQL Injection Vulnerability
My Php Dating 2.0 is an online dating site system. A SQL injection vulnerability exists in the My Php Dating 'path' parameter, which can be exploited by attackers to access or modify database data...
mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017)
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Client mysqldump. Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple...
CVE-2016-2887
IBM IMS Enterprise Suite Data Provider before 3.2.0.1 for Microsoft .NET allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors...
CVE-2016-2877
IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses weak permissions for unspecified directories under the web root, which allows local users to modify data by writing to a file...
CVE-2016-2877
CVE-2016-2877 affects IBM QRadar SIEM 7.1 (before MR2 Patch 13) and 7.2 (before 7.2.7). Root cause: incorrect/weak permissions on certain web root directories allow a local user to write to files, potentially modifying data in web-accessible areas. Remediation: upgrade to QRadar 7.1 MR2 Patch 13 ...
MyBB has multiple vulnerabilities (CNVD-2016-11615)
MyBB (aka MyBulletinBoard) is free, web-based forum software developed by the MyBB team using PHP and MySQL. The software is characterized by its simplicity, multi-language support and extensibility. Multiple security vulnerabilities exist in versions of MyBB prior to 1.8.8 including: SQL injectio...
MyBB has multiple vulnerabilities (CNVD-2016-11616)
MyBB (aka MyBulletinBoard) is free, web-based forum software developed by the MyBB team using PHP and MySQL. The software is characterized by its simplicity, multi-language support and extensibility. Multiple security vulnerabilities exist in versions of MyBB prior to 1.8.8 including: SQL injectio...
WordPress Answer My Question Plugin <= 1.3 - SQL Injection
This plugin is prone to an SQL injection vulnerability. It allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution: There is no solution...
PT-2016-2972 · Microsoft · Chakra Javascript Engine +3
Name of the Vulnerable Software and Affected Versions: Microsoft Edge (affected versions not specified); Microsoft Internet Explorer (affected versions not specified); Microsoft Windows (affected versions not specified). Description: The issue is caused by a buffer overflow in the Chakra JavaScript engine...