89 matches found
CVE-2023-46179
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure...
1Panel Security Vulnerability
1Panel is an open source Linux server operations and management panel for the Chinese 1panel community. A security vulnerability exists in 1Panel that stems from a vulnerability that causes a cookie to be sent in plain text once accessed using HTTP...
GHSA-3VVC-V8C2-43R7 Apache Kylin has Insufficiently Protected Credentials
In Apache Kylin version 2.0.0 to 4.0.3, there is a Server Config web interface that displays the content of file 'kylin.properties', that may contain serverside credentials. When the kylin service runs over HTTP or other plain text protocol, it is possible for network sniffers to hijack the HTTP...
VulnCheck KEV: CVE-2019-2768
Vulnerability in the BI Publisher formerly XML Publisher component of Oracle Fusion Middleware subcomponent: BI Publisher Security. The supported version that is affected is 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
CVE-2023-21924
Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications component: Core. Supported versions that are affected are Prior to 6.3.1.3 and Prior to 7.0.0.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to...
Oracle Health Sciences Applications 安全漏洞
Oracle Health Sciences Applications is a suite of clinical development solutions for the healthcare industry from Oracle Corporation. A security vulnerability exists in the Core component of Oracle Health Sciences Applications version 6.3.1.3 and earlier and version 7.0.0.1 and earlier. An...
CVE-2022-34487
creationtimestamp| type| source ---|---|--- 2022-07-21 22:23:33+00:00| seen| https://t.me/cibsecurity/46770 2025-11-29 17:32:06+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2022/CVE-2022-34487.yaml 2025-12-02 21:02:29+00:00| seen|...
CVE-2022-21543
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Updates Environment Mgmt. Supported versions that are affected are 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...
CVE-2019-14839
It was observed that while login into Business-central console, HTTP request discloses sensitive information like username and password when intercepted using some tool like burp suite etc...
PortlandLabs Concrete CMS 安全漏洞
PortlandLabs Concrete Cms is a team-oriented open source content management system for the United States PortlandLabs . A security vulnerability exists in Concrete CMS 8.5.5 and prior versions, which can be exploited by an attacker to obtain an update json over HTTP potentially leading to remote...
CVE-2021-2400
Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware component: E-Business Suite - XDO. Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP ...
CVE-2021-28937
The /password.html page of the Web management interface of the Acexy Wireless-N WiFi Repeater REV 1.0 28.08.06.1 contains the administrator account password in plaintext. The page can be intercepted on HTTP...
PT-2021-17038 · Synology · Synology Diskstation Manager
Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager DSM versions prior to 6.2.3-25426-3 Description: The issue concerns the cleartext transmission of sensitive information in the synoagentregisterd component, allowing man-in-the-middle attackers to spoof servers vi...
CVE-2021-2067
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Outside In Filters. Supported versions that are affected are 8.5.4 and 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside...
Oracle Fusion Middleware WebLogic Server Security Vulnerability
Oracle WebLogic Server is an Oracle application services middleware for cloud and traditional environments that provides a modern, lightweight development platform, supports application lifecycle management from development to production, and simplifies application deployment and management. A...
CVE-2020-4126
HCL iNotes is susceptible to a sensitive cookie exposure vulnerability. This can allow an unauthenticated remote attacker to capture the cookie by intercepting its transmission within an http session. Fixes are available in HCL Domino and iNotes versions 10.0.1 FP6 and 11.0.1 FP2 and later...
CVE-2020-14864
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware component: Installation. Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via...
CVE-2020-14824
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications component: Infrastructure. Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network...
CVE-2020-2941
Vulnerability in the Oracle Financial Services Funds Transfer Pricing product of Oracle Financial Services Applications component: User Interface. Supported versions that are affected are 8.0.6 and 8.0.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP...
CVE-2020-2881
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite component: Preferences. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical...