1081 matches found

Positive Technologies
added 2023/01/17 12:0 a.m. · 5 views

PT-2023-1186 · Oracle · Oracle Business Intelligence Enterprise Edition

Name of the Vulnerable Software and Affected Versions: Oracle Business Intelligence Enterprise Edition versions 5.9.0.0.0 through 6.4.0.0.0
Description: The issue is related to insufficient input validation in the Visual Analyzer component. It allows a low-privileged attacker with network access...

CVSS 6.4 · AI score 5.5 · EPSS 0.00377
Exploits: 0 · References: 4

OpenVAS
added 2023/01/17 12:0 a.m. · 24 views

Ubuntu: Security Advisory (USN-5805-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 9.1 · AI score 9.3 · EPSS 0.08691
Exploits: 2 · References: 3

Ubuntu
added 2023/01/16 8:28 a.m. · 110 views

USN-5805-1: Apache Maven vulnerability

It was discovered that Apache Maven followed repositories that are defined in a dependency's Project Object Model (pom) even if the repositories weren't encrypted (http protocol). An attacker could use this vulnerability to take over a repository, execute arbitrary code or cause a denial of service...

CVSS 9.1 · AI score 7.8 · EPSS 0.08691
Exploits: 2 · References: 1

Veracode
added 2022/12/27 7:21 a.m. · 19 views

Information Disclosure

github.com/usememos/memos is vulnerable to information disclosure. The vulnerability exists in multiple functions because of a missing Secure cookie attribute, which allows an attacker to send an unencrypted request over the HTTP protocol...

CVSS 6.5 · AI score 6 · EPSS 0.00376
Exploits: 1 · References: 4 · Affected Software: 1

NVD
added 2022/12/22 11:15 a.m. · 31 views

CVE-2022-47895

In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP File" action used the HTTP protocol to download required JAR files...

CVSS 7.5 · EPSS 0.0021
Exploits: 0 · References: 1

Prion
added 2022/12/22 11:15 a.m. · 13 views

Design/Logic Flaw

In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP File" action used the HTTP protocol to download required JAR files...

CVSS 5 · AI score 7.5 · EPSS 0.0021
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2022/12/22 10:25 a.m. · 31 views

CVE-2022-47895

In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP File" action used the HTTP protocol to download required JAR files...

CVSS 4.7 · AI score 7.7 · EPSS 0.0021
Exploits: 0 · References: 1

CVE
added 2022/12/22 10:25 a.m. · 59 views

CVE-2022-47895

JetBrains IntelliJ IDEA before 2022.3.1 is affected by CVE-2022-47895 through the "Validate JSP File" action, which uses HTTP to download required JAR files. The underlying issue enables a scenario where an attacker could influence the download of JARs, potentially enabling exploitation via deser...

CVSS 7.5 · AI score 7.5 · EPSS 0.0021
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2022/11/10 3:15 p.m. · 1 views

CVE-2022-38122

UPSMON PRO transmits sensitive data in cleartext over HTTP protocol. An unauthenticated remote attacker can exploit this vulnerability to access sensitive data...

CVSS 7.5 · AI score 5.8 · EPSS 0.00507
Exploits: 0 · References: 1

NVD
added 2022/11/10 3:15 p.m. · 10 views

CVE-2022-38122

UPSMON PRO transmits sensitive data in cleartext over HTTP protocol. An unauthenticated remote attacker can exploit this vulnerability to access sensitive data...

CVSS 7.5 · EPSS 0.00507
Exploits: 0 · References: 1

Prion
added 2022/11/10 3:15 p.m. · 15 views

Design/Logic Flaw

UPSMON PRO transmits sensitive data in cleartext over HTTP protocol. An unauthenticated remote attacker can exploit this vulnerability to access sensitive data...

CVSS 5 · AI score 7.5 · EPSS 0.00507
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2022/11/10 2:20 a.m. · 41 views

CVE-2022-38122

The CVE-2022-38122 issue affects UPSMON PRO (Powercom) and is caused by transmitting sensitive data in cleartext over HTTP. The vulnerability can be exploited by an unauthenticated remote attacker to access sensitive information. Public references describe this risk and assign a high severity (CV...

CVSS 7.5 · AI score 7.5 · EPSS 0.00507
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2022/11/10 2:20 a.m. · 14 views

CVE-2022-38122 POWERCOM CO., LTD. UPSMON PRO - Cleartext Transmission of Sensitive Information

UPSMON PRO transmits sensitive data in cleartext over HTTP protocol. An unauthenticated remote attacker can exploit this vulnerability to access sensitive data...

CVSS 7.5 · AI score 7.7 · EPSS 0.00507
Exploits: 0 · References: 1

GithubExploit
added 2022/10/29 6:25 p.m. · 59 views

Exploit for CVE-2022-21907

CVE-2022-21907
Description: POC for CVE-2022-2...

CVSS 10 · AI score 9.2 · EPSS 0.99657
Exploits: 40

Snyk
added 2022/10/21 8:29 p.m. · 4 views

Denial of Service (DoS)

Overview: Microsoft.AspNetCore.App.Runtime.linux-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service (DoS) when the Kestrel web server...

CVSS 7.5 · AI score 7 · EPSS 0.03481
Exploits: 0 · References: 2

RedHat Linux
added 2022/10/20 10:19 a.m. · 3 views

OpenJDK: missing SNI caching in HTTP/2 (Networking, 8289366)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerabilit...

CVSS 3.7 · AI score 7.3 · EPSS 0.01473
Exploits: 0 · References: 4

RedHat Linux
added 2022/10/19 10:32 p.m. · 4 views

OpenJDK: missing SNI caching in HTTP/2 (Networking, 8289366)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerabilit...

CVSS 3.7 · AI score 7.3 · EPSS 0.01473
Exploits: 0 · References: 4

Packet Storm
added 2022/10/17 12:0 a.m. · 257 views

Webile 1.0.1 Directory Traversal

Document Title: Webile v1.0.1 - Directory Traversal Web Vulnerability
References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2320
Release Date: 2022-10-10
Vulnerability Laboratory ID (VL-ID): 232...

AI score 0.1
Exploits: 0

Packet Storm
added 2022/10/03 12:0 a.m. · 238 views

Password Manager For IIS 2.0 Cross Site Scripting

Exploit Title: XSS
Exploit Author: VP4TR10T
Vendor Homepage: http://passwordmanager.adiscon.com/en/manual/
Software Link: http://passwordmanager.adiscon.com/
Version: Version 2.0
Tested on: WINDOWS
CVE: CVE-2022-36664
Affected URI when trying to change user password: POST /isapi/PasswordManager.dl...

AI score 6.5 · EPSS 0.03767
Exploits: 5

Huntr
added 2022/09/13 9:10 a.m. · 21 views

Session_id without Secure attribute

Description: The user's session id has the Secure attribute set to false. This vulnerability allows the user's cookies to be sent to the server with an unencrypted request over the HTTP protocol.
Proof of Concept: Open the browser and get access to the minarca website; for this scenario I have used the demo/test...

CVSS 5 · AI score 0.6 · EPSS 0.00494
Exploits: 1 · References: 1