6680 matches found
Unspecified Vulnerability in Oracle PeopleSoft Products PeopleSoft Enterprise PeopleTools Component (CNVD-2016-02558)
Oracle PeopleSoft is a suite of enterprise human capital management solutions from Oracle. PeopleSoft Enterprise HCM Candidate Gateway is a self-service front-end to the Oracle PeopleSoft Enterprise Recruiting solution component. An unspecified vulnerability in the PIA Search Functionality...
Code injection
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to PIA Search Functionality...
CVE-2016-3417
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to PIA Search Functionality...
CVE-2016-3417
CVE-2016-3417 affects Oracle PeopleSoft Products (PeopleSoft Enterprise PeopleTools) versions 8.53–8.55, specifically the PIA Search Functionality subcomponent. The vulnerability is described as unspecified and enables remote authenticated users to affect confidentiality and integrity via PIA Sea...
CVE-2016-1267
Race condition in the RPC functionality in Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D39, 13.3 before 13.3R7, 14.1 before 14.1R6, 14.1X53 before...
Race condition
Race condition in the RPC functionality in Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D39, 13.3 before 13.3R7, 14.1 before 14.1R6, 14.1X53 before...
CVE-2016-1267
CVE-2016-1267 affects Juniper Networks Junos OS by a race condition in the RPC functionality. Affected Junos OS versions include 12.1X44-D55 and earlier, 12.3R11 and earlier, 13.2R8 and earlier, 14.1R6 and earlier, 14.2R3-S4, 15.1F2/15.1R2, and 16.1R1. The underlying issue allows local users to r...
elit-style.com.ua XSS vulnerability
Vulnerable URL: http://elit-style.com.ua/search?q="/alert/xssposed/...
Symantec ITMS Inventory Solution Application Denial Functionality Bypass
SUMMARY: The Inventory Solution component of Symantec's IT Management Agent, the client portion of Symantec IT Management Suite (ITMS) powered by Altiris, can be configured to deny one or more applications from running on a Windows managed client as part of IT management functions. A determined user...
HackerOne: Deleted name still present via mouseover functionality for user accounts
Hey guys, so this isn't really a security bug or a big information disclosure. However, I noticed that if a user removes their name "Eric Angeles" from their account page https://hackerone.com/exodiaforbiddenone it will still be visible by mousing over the user's handle on a disclosed report...
Cross-site request forgery
Administrate::ApplicationController actions don't have CSRF protection. Remote attackers can hijack user's sessions and use any functionality that administrate exposes on their behalf...
Apache Jetspeed Multiple Vulnerabilities (Mar 2016)
Apache Jetspeed is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:apache:jetspeed"; if...
D-Link DVG-5402SP CSRF / Brute Force
Hello list! There are Brute Force, Abuse of Functionality and Cross-Site Request Forgery vulnerabilities in D-Link DVG-5402SP VoIP Router. ------------------------- Affected products: ------------------------- Vulnerable is the next model: D-Link DVG-5402SP, Firmware RU1.01. Other versions also...
[SECURITY] Fedora 24 Update: php-pecl-http-2.5.6-1.fc24
The HTTP extension aims to provide a convenient and powerful set of functionality for major applications. The HTTP extension eases handling of HTTP URLs, dates, redirects, headers and messages in a HTTP context both incoming and outgoing. It also provides means for client negotiation of preferre...
[SECURITY] Fedora 23 Update: php-pecl-http-2.5.6-1.fc23
The HTTP extension aims to provide a convenient and powerful set of functionality for major applications. The HTTP extension eases handling of HTTP URLs, dates, redirects, headers and messages in a HTTP context both incoming and outgoing. It also provides means for client negotiation of preferre...
rlt.ru XSS vulnerability
Vulnerable URL: http://rlt.ru/search/?searchquery=' autofocus onfocus='alert/XSSPOSED/

Details:

Description | Value
---|---
Patched: | Yes, at 23.11.2017
Latest check for patch: | 23.11.2017 21:01 GMT
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 2504163
Google...
Xoops 2.5.7.2 - Cross-Site Request Forgery (Arbitrary User Deletions)
Exploit for php platform in category web applications var c=-1 var amttodelete=100 var id=document.getElementById"ids" var frm=document.getElementById"CSRF" function doit c++ arguments1.valu...
Citrix ICA Virtual Channels Overview
This article provides details of the design, functionality, and usage of the Citrix ICA Virtual Channels and focuses on the Citrix XenApp Plug-ins/Receiver for Windows. Target Audience: Application developers, Citrix server administrators, and help desk personnel. What are ICA Virtual Channels? A lar...
Fedora 23 : xen-4.5.2-7.fc23 (2016-2c15b72b01)
PV superpage functionality missing sanity checks [XSA-167, CVE-2016-1570]; VMX: intercept issue with INVLPG on non-canonical address [XSA-168, CVE-2016-1571]; Qemu: pci: NULL pointer dereference issue [CVE-2015-7549]; qemu: DoS by infinite loop in ehci_advance_state [CVE-2015-8558]; qemu: Heap-based buffer...