10441 matches found
HPE System Management Homepage Information Disclosure Vulnerability
HPE System Management Homepage is a Web-based interface. The interface consolidates and simplifies the process of single-system management of HP servers running HP-UX, Linux, and Microsoft Windows operating systems. An information disclosure vulnerability exists in HPE System Management Homepage...
CVE-2016-2296
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited does not require authentication for "post-admin" login pages, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors...
CVE-2016-2296
CVE-2016-2296 affects Meteocontrol WEB’log Basic 100, Light, Pro and Pro Unlimited. The vulnerability is an authentication bypass allowing access to the post-admin login pages, enabling remote attackers to obtain sensitive information or modify data (unspecified vectors). Technical details are su...
Information disclosure
HPE System Management Homepage before 7.5.5 allows local users to obtain sensitive information or modify data via unspecified vectors...
CANDID 'view.php' SQL Injection and Cross Site Scripting Vulnerabilities
CANDID is prone to sql injection and cross site scripting vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2016-2014
HPE Network Node Manager i NNMi 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors...
CVE-2016-2014
HPE Network Node Manager i NNMi 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors...
CVE-2016-2014
HPE Network Node Manager i NNMi 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors...
CVE-2016-2014
CVE-2016-2014 affects HPE Network Node Manager i (NNMi) versions 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01. The vulnerability allows remote authenticated users to modify data or cause a denial of service via unspecified vectors. The provided connected sources confirm the affected product and the i...
Oracle Retail Applications Unspecified Vulnerability in Oracle Retail Xstore Point of Service Component
Oracle Retail Applications is a set of retail applications store solutions from Oracle Corporation. Oracle Retail Xstore Point of Service is one of the retail point of service management components. An unspecified vulnerability exists in the Xstore Services subcomponent of the Oracle Retail Xstor...
Unspecified Vulnerability in Oracle Fusion Middleware WebLogic Server Component (CNVD-2016-02579)
Oracle Fusion Middleware Oracle Fusion Middleware is a set of Oracle's business innovation platform for enterprise and cloud environments, of which Oracle WebLogic Server is an application server component for both cloud and traditional environments. An unspecified vulnerability in the Console...
Unspecified Vulnerability in Oracle Database Server RDBMS Security Component (CNVD-2016-02583)
Oracle Database Server is a relational database management system from Oracle Corporation, of which RDBMS Security is a database security storage component. An unspecified vulnerability in the RDBMS Security component of Oracle Database Server can be exploited by a local attacker to update, inser...
Unspecified Vulnerability in Oracle Sun Solaris Automated Installer Subcomponent
Oracle Sun Solaris is a set of Unix-like operating systems from Oracle. A security vulnerability in the Automated Installer subcomponent of Oracle Sun Solaris version 11.3 can be exploited by a remote attacker to update, insert, or delete data, compromising data integrity...
Unspecified vulnerability in Oracle E-Business Suite CRM Wireless component (CNVD-2016-02569)
Oracle E-Business Suite E-Business Suite is the United States Oracle Oracle company's set of fully integrated global business management software. An unspecified vulnerability in the Call Phone Number Page subcomponent of the Oracle CRM Wireless component of Oracle E-Business Suite version 12.1.3...
Oracle Sun Solaris Fwflash Subcomponent Denial of Service Vulnerability
racle Sun Solaris is a Unix-like operating system from Oracle. A security vulnerability in the Fwflash subcomponent of Oracle Sun Solaris version 11.3 can be exploited by a local attacker to create, delete, or modify data, and may also cause a denial of service. The integrity and availability of...
Unspecified Vulnerability in Oracle Fusion Middleware Business Intelligence Enterprise Edition Component (CNVD-2016-02483)
Oracle Fusion Middleware Oracle Fusion Middleware is a set of Oracle's Oracle business innovation platform for enterprise and cloud environments, of which Oracle Business Intelligence Enterprise Edition is a business intelligence component. An unspecified vulnerability in the Analytics Scorecard...
Samba MS-SAMR/MS-LSAD Man-in-the-Middle Attack Vulnerability
Samba is a freeware implementation of the SMB protocol on Linux and UNIX systems, consisting of a server and a client program. Samba versions 3.6.0-4.4.0 have a security vulnerability in the MS-SAMR and MS-LSAD protocols due to not properly handling DCERPC connections. It could allow a...
Samba Security Bypass Vulnerability
Samba is a set of free software that enables the UNIX family of operating systems to connect to the SMB/CIFS network protocol of the Microsoft Windows operating system. The Samba client's Server Message Block SMB signature fails to use the SMB1 protocol, allowing an attacker to exploit this...
Samba Man-in-the-Middle Attack Vulnerability (CNVD-2016-02276)
Samba is a set of free software that enables the UNIX family of operating systems to connect to the SMB/CIFS network protocol of the Microsoft Windows operating system. Samba fails to protect the integrity of IPC traffic, allowing an attacker to exploit this vulnerability as a man-in-the-middle...
samba: Smb signing not required by default when smb client connection is used for ipc usage
It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client...