161 matches found
CVE-2017-1311
IBM Insights Foundation for Energy 2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 125719...
CVE-2017-3630
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris...
CVE-2017-2989
Adobe Campaign versions Build 8770 and earlier have an input validation bypass that could be exploited to read, write, or delete data from the Campaign database...
CVE-2016-8299
Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows low privileged attacker with...
Unspecified Vulnerability in Oracle Sun Systems Products Suite Oracle Solaris Component
Oracle Sun Systems Products Suite is a suite of Sun systems products from Oracle Corporation, of which Solaris is a Unix-like operating system. A local security vulnerability exists in the Bash subcomponent of the Oracle Solaris component version 10 of the Oracle Sun Systems Products Suite. An...
Oracle Communications Applications Unspecified Vulnerability in Oracle Communications EAGLE Application Processor Component
Oracle Communications is a suite of communications applications for rapidly delivering and monetizing digital lifestyle services from Oracle Corporation. The Oracle Communications EAGLE Application Processor is one of the platform components that provides Signaling Transmission Points (STPs),...
Unspecified Vulnerability in Oracle Fusion Middleware WebLogic Server Component (CNVD-2016-02580)
Oracle Fusion Middleware is Oracle's business innovation platform for enterprise and cloud environments, of which Oracle WebLogic Server is an application server component for both cloud and traditional environments. An unspecified vulnerability in the Core...
Unspecified Vulnerability in Oracle Financial Services Software Oracle FLEXCUBE Direct Banking Component (CNVD-2016-02479)
Oracle Financial Services Software is a set of Oracle's core banking, online banking and property management financial services software, of which Oracle FLEXCUBE Direct Banking is a set of Internet and mobile banking solution components. An unspecified vulnerability exists in the Pre-Login...
Unspecified Vulnerability in Oracle PeopleSoft Products PeopleSoft Enterprise PeopleTools Component (CNVD-2016-02558)
Oracle PeopleSoft is a suite of enterprise human capital management solutions from Oracle. PeopleSoft Enterprise HCM Candidate Gateway is a self-service front-end to the Oracle PeopleSoft Enterprise Recruiting solution component. An unspecified vulnerability in the PIA Search Functionality...
Microsoft Windows Graphics Memory Corruption Vulnerability (CNVD-2015-08116)
Microsoft Windows is a series of operating systems released by the American company Microsoft. A memory corruption vulnerability exists in the Windows font library of Microsoft Windows. The vulnerability exists because the program does not properly handle specially designed embedded fonts. A remo...
Cisco Unified MeetingPlace SQL Injection Vulnerability (CNVD-2015-04162)
Cisco Unified MeetingPlace conferencing solutions allow organizations to host integrated voice, video, and web conferences. A SQL injection vulnerability exists in Cisco Unified MeetingPlace due to the program failing to properly validate user input within a SQL query. An authenticated, remote...
Microsoft Graphics Component Memory Corruption (MS14-007) - Ver2 (CVE-2014-0263)
A remote code execution vulnerability has been reported in Windows Graphics Component. The vulnerability is due to the way Windows components handle specially crafted GIF files. A remote attacker can exploit this issue by enticing a user to view GIF files in shared content. Successful exploitatio...
CVE-2014-2611
Directory traversal vulnerability in the fndwar web application in HP Executive Scorecard 9.40 and 9.41 allows remote authenticated users to execute arbitrary code, or obtain sensitive information or delete data, via unspecified vectors, aka ZDI-CAN-2120...
Directory traversal
Directory traversal vulnerability in the fndwar web application in HP Executive Scorecard 9.40 and 9.41 allows remote authenticated users to execute arbitrary code, or obtain sensitive information or delete data, via unspecified vectors, aka ZDI-CAN-2120...
rhev-m: MoveDisk ignores the disk's wipe-after-delete property
Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when moving disks between storage domains, does not properly wipe-after-delete, which prevents disks from being securely deleted and might allow local users to obtain sensitive information via unspecified vectors...
Authentication flaw
GR Board (aka grboard) 1.8.6.5 Community Edition does not require authentication for certain database actions, which allows remote attackers to modify or delete data via a request to (1) modrewrite.php, (2) commentwriteok.php, (3) poll/index.php, (4) update/index.php, (5) trackback.php, or (6) an arbitrary...
openSUSE Security Update : libmysqlclient-devel (openSUSE-SU-2010:0730-1)
Local users could delete data files for tables of other users (CVE-2010-1626); authenticated users could gather information for tables they should not have access to (CVE-2010-1849); authenticated users could crash mysqld (CVE-2010-1848); authenticated users could potentially execute arbitrary code...
linux/x86 delete all data on filesystem polymorphic shellcode
Exploit for linux/x86 platform in category shellcode. linux/x86 delete all data on filesystem polymorphic shellcode /...
mysql: multiple insufficient table name checks
Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name...
TeraStation HD-HTGL series cross-site request forgery vulnerability
Overview: TeraStation HD-HTGL series provided by Buffalo, Inc. are hard disks for LAN connection and have an administrative web interface. The administrative interface for the TeraStation HD-HTGL contains a cross-site request forgery (CSRF) vulnerability. Impact: If a TeraStation HD-HTGL administrator w...