OpenJDK: Swing HTML parsing issue (8296832)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Swing. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable...
SUSE CVE-2022-32292
In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in receiveddata to execute code...
Oracle E-Business Suite Security Vulnerability
Oracle E-Business Suite is a fully integrated global business management software from Oracle Corporation USA. A security vulnerability exists in Oracle Web Applications Desktop Integrator for Oracle E-Business Suite. An unauthenticated attacker could exploit the vulnerability to...
Directory Traversal
ICEcoder is vulnerable to directory traversal. The vulnerability exists in multiple functions in classes/Settings.php and lib/settings.php where an attacker will gain unauthorized access to restricted directories and files outside of the web root folder using an HTTP exploit...
CVE-2022-21450
Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub product of Oracle PeopleSoft component: My Links. The supported version that is affected is 9.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL...
CVE-2022-21389
Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications component: Connection Manager. Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows unauthenticated attacker with network acce...
CVE-2022-21359
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Optimization Framework. Supported versions that are affected are 8.57, 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSo...
CVE-2022-21361
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Sample apps. Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic...
CVE-2022-21275
Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications component: Connection Manager. Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows unauthenticated attacker with network acce...
CVE-2021-2324
Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications component: Loans And Deposits. Supported versions that are affected are 12.0-12.4, 14.0-14.4 and . Easily exploitable vulnerability allows low privileged attacker with network access via HTTP ...
Unspecified Vulnerability in Oracle Financial Services Analytical Applications Infrastructure
Oracle Financial Services Analytical Applications Infrastructure is the infrastructure that powers the Oracle Financial Services Analytical Applications family of products. A security vulnerability exists in the Rules Framework component of Oracle...
CVE-2021-2107
Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite component: Outcome-Result. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...
Unauthorized Access Vulnerability in NetSense SecGate 3600 Firewall
Netnifty SecGate 3600 Firewall is a composite hardware firewall based on stateful inspection packet filtering and application-level proxies. NetShen SecGate 3600 firewall has an unauthorized access vulnerability. An attacker can exploit the vulnerability to access the network via HTTP, thereby...
Oracle WebLogic Unauthenticated Complete Takeover (CVE-2020-14882/CVE-2020-14750): What You Need to Know
What’s up? As if October 2020 hasn’t been scary enough, Rapid7 Labs, the SANS Internet Storm Center (ISC), and other researchers have caught attackers opting for tricks instead of treats this week as they seek out and attempt to compromise internet-facing WebLogic servers that are vulnerable to...
SolarWinds Serv-U File Server Information Disclosure Vulnerability
SolarWinds Serv-U File Server is a file transfer server from SolarWinds USA. A security vulnerability exists in SolarWinds Serv-U File Server versions prior to 15.2.1. An attacker can exploit this vulnerability with an HTTP response to cause information disclosure...
CVE-2020-2871
Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi...
CVE-2020-2717
Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications component: Core. Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...
Nostromo 1.9.6 Directory Traversal / Remote Command Execution Exploit
This Metasploit module exploits a remote command execution vulnerability in Nostromo versions 1.9.6 and below. This issue is caused by a directory traversal in the function httpverify in nostromo nhttpd allowing an attacker to achieve remote code execution via a crafted HTTP request. This module...
CVE-2019-3000
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite component: Marketing Administration. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracl...
Exploit for CVE-2018-9995
This is an exploit module for a DVR (Digital Video Recorder) vulnerability, specifically CVE-2018-9995. The exploit is designed to obtain exposed credentials from the DVR. The module is written in Python and uses the requests library to send HTTP requests to the DVR. The exploit targets a...