1075 matches found
Design/Logic Flaw
Deltek Vision 7.x before 7.6 permits the execution of any attacker supplied SQL statement through a custom RPC over HTTP protocol. The Vision system relies on the client binary to enforce security rules and integrity of SQL statements and other content being sent to the server. Client HTTP calls...
CVE-2018-18251
Deltek Vision 7.x before 7.6 permits the execution of any attacker supplied SQL statement through a custom RPC over HTTP protocol. The Vision system relies on the client binary to enforce security rules and integrity of SQL statements and other content being sent to the server. Client HTTP calls...
The vulnerability of the Preferences sub-component of the Oracle CRM Technical Foundation component of the Oracle E-Business Suite allows a perpetrator to access data for modification, addition, or deletion.
The vulnerability of the Preferences sub-component of the Oracle CRM Technical Foundation component of the Oracle E-Business Suite is related to lack of access control. Exploiting this vulnerability could allow an attacker, operating remotely, to modify, add, or delete data using the HTTP protoco...
UC Browser man-in-the-middle (MITM) vulnerability could impact more than a billion devices - vulnerability warning - the black bar safety net
Researchers found that a vulnerable functional block in UC Browser can be exploited by attackers to perform MitM attacks. Because UC Browser uses the HTTP protocol to communicate with the server, the transmitted information is not encrypted, so the would-be attacker hook request...
.NET advanced code audit, fifth lesson: .NET Remoting deserialization vulnerability - vulnerability warning - the black bar safety net
In recent days, foreign security researcher Soroush Dalili (@irsdl) disclosed that .NET Remoting applications may carry a deserialization security risk when the server uses the SoapServerFormatterSinkProvider class of the HTTP channel as the channel's receiver and will automatically deserialize the...
The vulnerability of the NX-API network operating system function of Cisco NX-OS routers allows attackers to execute arbitrary commands.
The vulnerability of the NX-API network operating system function in Cisco NX-OS routers is related to the lack of measures for input data sanitization. Exploiting this vulnerability allows a malicious actor to remotely execute arbitrary commands with superuser privileges by sending malicious HTT...
WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion
============================================= MGC ALERT 2019-001 - Original release date: February 06, 2019 - Last revised: March 13, 2019 - Discovered by: Manuel García Cárdenas - Severity: 7/10 CVSS Base Score - CVE-ID: CVE-2019-9618 ============================================= I. VULNERABILIT...
WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion
WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion ============================================= MGC ALERT 2019-001 - Original release date: February 06, 2019 - Last revised: March 13, 2019 - Discovered by: Manuel García Cárdenas - Severity: 7/10 CVSS Base Score - CVE-ID:...
The vulnerability of the WebCenter Spaces Application component of the Oracle WebCenter Portal web platform allows an intruder to gain unauthorized access to protected data
The vulnerability of the WebCenter Spaces Application component of the Oracle WebCenter Portal web platform relates to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected data using the HTTP protocol...
The vulnerability of the Outside In Filters component within the software development kit (SDK) of Outside In Technology allows a perpetrator to gain unauthorized access to protected data.
The vulnerability of the Outside In Filters component within the software development kit (SDK) of Outside In Technology is related to insufficient access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected data using th...
The vulnerability of the Oracle CRM Technical Foundation component of the Oracle E-Business Suite system allows attackers to gain access to protected information.
The vulnerability of the Oracle CRM Technical Foundation component of the Oracle E-Business Suite system relates to insufficient access control. Exploiting this vulnerability could allow an attacker operating remotely to gain access to protected information using the HTTP protocol...
The vulnerability of the Outside In Filters component of the software development kit (SDK) from Outside In Technology allows an attacker to trigger a denial-of-service (DoS) attack.
The vulnerability of the Outside In Filters component within the software development kit (SDK) of Outside In Technology is related to insufficient access control. Exploiting this vulnerability could allow a malicious actor to cause service interruptions using the HTTP protocol...
The vulnerability of the Application Container component of the JavaEE application server Oracle WebLogic Server allows attackers to gain unauthorized access to protected data
The vulnerability of the Application Container component of the JavaEE application server Oracle WebLogic Server is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected data using the HTTP...
The vulnerability of the Oracle CRM Technical Foundation component of the Oracle E-Business Suite system allows a perpetrator to alter the access rights to files.
The vulnerability of the Oracle CRM Technical Foundation component of the Oracle E-Business Suite system relates to insufficient access control. Exploiting this vulnerability could allow an attacker, operating remotely, to alter the access rights to files using the HTTP protocol...
The vulnerability of the User Interface component of the Oracle Hyperion Common Events service allows a perpetrator to gain unauthorized access to protected data.
The vulnerability of the User Interface component of the Oracle Hyperion Common Events service is related to access control deficiencies. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected data using the HTTP protocol...
The vulnerability of the UIF Open UI component of the Oracle Siebel UI Framework software platform allows a malicious actor to gain unauthorized access to protected data. This vulnerability exists in the Oracle Siebel CRM system, which manages customer relationships.
The vulnerability of the UIF Open UI component of the Oracle Siebel UI Framework, a system for managing customer relationships in Oracle Siebel CRM, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access...
The vulnerability of the Portal component in the Oracle PeopleSoft Enterprise PeopleTools business application suite allows a perpetrator to gain unauthorized access to data.
The vulnerability of the Portal component in the Oracle PeopleSoft Enterprise PeopleTools business application suite is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to data using the HTTP protocol...
The vulnerability of the Login component of the Oracle Argus Safety pharmacovigilance platform allows an intruder to gain unauthorized access to protected data.
The vulnerability of the Console component of the Oracle Argus Safety pharmaceutical monitoring platform is related to insufficient access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected data using the HTTP protoco...
The vulnerability of the WLS component – the Web Services server of Oracle WebLogic Server – allows a perpetrator to gain unauthorized access to protected data.
The vulnerability of the WLS component—the Web Services server of Oracle WebLogic Server—is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected data using the HTTP protocol...
The vulnerability of the Elastic Search component in the Oracle PeopleSoft Enterprise PeopleTools business application suite allows a perpetrator to gain unauthorized access to protected data.
The vulnerability of the Elastic Search component in the Oracle PeopleSoft Enterprise PeopleTools business application suite is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected data using...