129 matches found
CVE-2019-16386
PEGA Platform 7.x–8.x is disclosed to have an information-disclosure vulnerability, exploitable via a direct request to /prweb/sso/random_token/!STANDARD?pyActivity=GetWebInfo&target=popup&pzHarnessID=random_harness_id to obtain database schema information. Dispute exists about privilege level (v...
PT-2019-14651 · Pegasystems · Pega Platform
Name of the Vulnerable Software and Affected Versions: PEGA Platform versions 7.x through 8.x Description: The issue allows for information disclosure via a direct request to /prweb/sso/random token/!STANDARD?pyActivity=GetWebInfo&target=popup&pzHarnessID=random harness id to obtain database sche...
[SECURITY] Fedora 31 Update: opendmarc-1.3.2-1.fc31
OpenDMARC Domain-based Message Authentication, Reporting & Conformance provides an open source library that implements the DMARC verification service plus a milter-based filter application that can plug in to any milter-aware MTA, including sendmail, Postfix, or any other MTA that suppor ts the...
CVE-2019-13409
A SQL injection vulnerability was discovered in TOPMeeting before version 8.8 2019/08/19. An attacker can use a union based injection query string though a search meeting room feature to get databases schema and username/password...
CVE-2019-13409
A SQL injection vulnerability was discovered in TOPMeeting before version 8.8 2019/08/19. An attacker can use a union based injection query string though a search meeting room feature to get databases schema and username/password...
Sql injection
A SQL injection vulnerability was discovered in TOPMeeting before version 8.8 2019/08/19. An attacker can use a union based injection query string though a search meeting room feature to get databases schema and username/password...
CVE-2019-13409 A SQL injection vulnerability was discovered in TOPMeeting before version 8.8 (2019/08/19)
A SQL injection vulnerability was discovered in TOPMeeting before version 8.8 2019/08/19. An attacker can use a union based injection query string though a search meeting room feature to get databases schema and username/password...
Fedora 30 : opendmarc (2019-24b3f84f6e)
This update provides the final 1.3.2 release previously the package was 1.3.2 beta. It also includes the previously-omitted database schema directory resolving 1415753 and rddmarc tools, and backports proposed fixes for a crasher bug and security issue CVE-2019-16378 from upstream submissions. No...
[SECURITY] Fedora 29 Update: opendmarc-1.3.2-1.fc29
OpenDMARC Domain-based Message Authentication, Reporting & Conformance provides an open source library that implements the DMARC verification service plus a milter-based filter application that can plug in to any milter-aware MTA, including sendmail, Postfix, or any other MTA that suppor ts the...
CVE-2019-17503
An issue was discovered in Kirona Dynamic Resource Scheduling DRS 5.5.3.5. An unauthenticated user can access /osm/REGISTER.cmd aka /osmtiles/REGISTER.cmd directly: it contains sensitive information about the database through the SQL queries within this batch file. This file exposes SQL database...
CVE-2018-17562
Multi-Tech FaxFinder before 5.1.6 has SQL Injection via a status/calldetails?oid= URI, allowing an attacker to extract the underlying database schema to further disclose other fax server information through different injection points...
CVE-2018-17562
Multi-Tech FaxFinder before 5.1.6 has SQL Injection via a status/calldetails?oid= URI, allowing an attacker to extract the underlying database schema to further disclose other fax server information through different injection points...
Sql injection
Multi-Tech FaxFinder before 5.1.6 has SQL Injection via a status/calldetails?oid= URI, allowing an attacker to extract the underlying database schema to further disclose other fax server information through different injection points...
CVE-2018-17562
Multi-Tech FaxFinder before 5.1.6 has SQL Injection via a status/calldetails?oid= URI, allowing an attacker to extract the underlying database schema to further disclose other fax server information through different injection points...
SUSE-SU-2018:2317-1 Security update for grafana, kafka, logstash, openstack-monasca-installer
This update for grafana, kafka, logstash, openstack-monasca-installer fixes the following issues: Security issues fixed: - CVE-2018-12099: grafana: Fix XSS vulnerabilities in dashboard links bsc1096985. - CVE-2018-3817: logstash: Fix inadvertently logging of sensitive information bsc1090849. Bug...
Oracle WebCenter FatWire Content Server 7 - Improper Access Control
Oracle WebCenter FatWire Content Server 7 - Improper Access Control Exploit Title: Oracle WebCenter FatWire Content Server 7 - Improper Access Control Dork: inurl:Satellite?pagename Date: 2017-10-17 Exploit Author: Sebastian Cornejo Olave Vendor Homepage: http://oracle.com Version: 5.5.2 ,7.5 =...
Oracle WebCenter (Fatwire) Improper Access Control
Exploit Title: Oracle WebCenter FatWire Content Server 7 - Improper Access Control Dork: inurl:Satellite?pagename Date: 2017-10-17 Exploit Author: Sebastian Cornejo Olave Vendor Homepage: http://oracle.com Version: 5.5.2 ,7.5 = CVE: CVE-2017-10033 Category: Webapps Tested on: Kali linux...
Oracle WebCenter FatWire Content Server < 7 - Improper Access Control
Exploit Title: Oracle WebCenter FatWire Content Server 7 - Improper Access Control Dork: inurl:Satellite?pagename Date: 2017-10-17 Exploit Author: Sebastian Cornejo Olave Vendor Homepage: http://oracle.com Version: 5.5.2 ,7.5 = CVE: CVE-2017-10033 Category: Webapps Tested on: Kali linux...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in PEGA Platform 7.2 ML0 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 PATHINFO to the main page; the 2 beanReference parameter to the JavaBean viewer page; or the 3 pyTableName to the System database schema...
CVE-2017-11355
Pegasystems PEGA Platform 7.2 ML0 and earlier are affected by multiple XSS vulnerabilities (CVE-2017-11355) allowing remote attackers to inject arbitrary scripts via PATH_INFO, the JavaBean viewer beanReference, or pyTableName on the System database schema modification page; CVE-2017-11356 also a...