CVE-2021-2484

Vulnerability in the Oracle Operations Intelligence product of Oracle E-Business Suite component: BIS Operations Intelligence. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

CVE-2019-2575

Vulnerability in the Oracle AutoVue 3D Professional Advanced component of Oracle Supply Chain Products Suite subcomponent: Format Handling - 2D. Supported versions that are affected are 21.0.0 and 21.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTT...

OESA-2024-1119 shim security update

Initial UEFI bootloader that handles chaining to a trusted full \ bootloader under secure boot environments. Security Fixes: A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker...

CVE-2022-21276

Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications component: Connection Manager. Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows low privileged attacker with network acces...

Oracle E-Business Suite 安全漏洞

Oracle E-Business Suite E-Business Suite is a fully integrated set of global business management software from Oracle Oracle. The software provides customer relationship management, service management, financial management, etc. Scripting is one of the scripting management console components. A...

CVE-2021-35553

Vulnerability in the PeopleSoft Enterprise CS Student Records product of Oracle PeopleSoft component: Class Search. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CS...

Remote Code Execution (RCE)

gsoap is vulnerable to remote code execution. An attacker can send a malicious SOAP HTTP that can lead to a remote code execution...

CVE-2021-2198

Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite component: Setup, Admin. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracl...

Oracle WebLogic Server Code Execution Vulnerability (CNVD-2020-59715)

Oracle WebLogic Server is an Oracle Oracle application service middleware for cloud and traditional environments, which provides a modern lightweight development platform that supports the entire lifecycle management of applications from development to production and simplifies application...

CVE-2020-2539

Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware component: Advanced UI. The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites...

Security Bulletin: IBM Security Access Manager vulnerable to Slow HTTP Attack (CVE-2019-4036)

Summary The IBM Security Access Manager product can be attacked using the Slowloris Denial of service attack Vulnerability Details CVEID: CVE-2019-4036 DESCRIPTION: IBM Security Access Manager Appliance could allow unauthenticated attacker to cause a denial of service in the reverse proxy...

CVE-2018-3316

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation component of Oracle Retail Applications subcomponent: Segment. Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

CVE-2019-2638

Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite subcomponent: Consolidation Hierarchy Viewer. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows low privileged...

DEBIAN-CVE-2018-12122

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service DoS by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time...

CVE-2018-3194

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products subcomponent: Activity Guide. Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSo...

CVE-2018-2911

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware subcomponent: Java Server Faces. The supported version that is affected is 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server...

ExchangeRelayX - An NTLM Relay Tool To The EWS Endpoint For On-Premise Exchange Servers (Provides An OWA For Hackers)

Version 1.0.0. This tool is a PoC to demonstrate the ability of an attacker to perform an SMB or HTTP based NTLM relay attack to the EWS endpoint on an on-premise Microsoft Exchange server to compromise the mailbox of the victim. This tool provides the attacker with an OWA looking interface, with...

OWA for hackers: ExchangeRelayX

ExchangeRelayX is a PoC tools to demonstrate the ability of an attacker to perform an SMB or HTTP based NTLM relay attack to the EWS endpoint on an on-premise Microsoft Exchange server to compromise the mailbox of the victim. This tool provides the attacker with an OWA looking interface, with...

CVE-2018-2974

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications subcomponent: Infrastructure. Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. Easily exploitable...

CVE-2018-2962

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite subcomponent: Web Access. Supported versions that are affected are 8.4, 15.x, 16.x and 17.x. Difficult to exploit vulnerability allows low privileged attacker with...