1081 matches found

Huntr
added 2022/09/09 6:57 a.m. | 17 views

Session_id without Secure attribute

Description: The user's session ID has the Secure attribute set to false. This vulnerability allows the user's cookies to be sent to the server in an unencrypted request over the HTTP protocol. Proof of Concept: Open the browser and access the website; in this scenario I use the demo website. Check the cooki...

CVSS 5 | AI score 1 | EPSS 0.00541
Exploits 1

BDU FSTEC
added 2022/09/07 12:0 a.m. | 5 views

The vulnerability of the Infrastructure component of the Oracle Banking Trade Finance software allows a perpetrator to gain read access to data and modify it.

The vulnerability of the Infrastructure component of the Oracle Banking Trade Finance software exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify, add, or delete data using the HTTP protoco...

CVSS 6.6 | AI score 6.9 | EPSS 0.00491
Exploits 0 | References 3 | Affected Software 1

BDU FSTEC
added 2022/09/07 12:0 a.m. | 5 views

The vulnerability of the Infrastructure component of the Oracle Banking Trade Finance software allows a perpetrator to gain unauthorized access to read, modify, or add data, or to cause a service failure.

The vulnerability of the Infrastructure component of the Oracle Banking Trade Finance software exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to read, modify, or add data, or cause a service...

CVSS 6.8 | AI score 6.9 | EPSS 0.00532
Exploits 0 | References 3 | Affected Software 1

BDU FSTEC
added 2022/09/07 12:0 a.m. | 3 views

The vulnerability of the Infrastructure component of the Oracle Banking Trade Finance software allows a perpetrator to gain unauthorized access to read, modify, or add data, or to cause a service failure.

The vulnerability of the Infrastructure component of the Oracle Banking Trade Finance software exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to read, modify, or add data, or cause a service...

CVSS 6.1 | AI score 6.8 | EPSS 0.00443
Exploits 0 | References 3 | Affected Software 1

BDU FSTEC
added 2022/09/07 12:0 a.m. | 4 views

The vulnerability of the Infrastructure component of the Oracle Banking Trade Finance software allows a perpetrator to gain read access to data and modify it.

The vulnerability of the Infrastructure component of the Oracle Banking Trade Finance software exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify, add, or delete data using the HTTP protoco...

CVSS 6.6 | AI score 6.9 | EPSS 0.00457
Exploits 0 | References 3 | Affected Software 1

BDU FSTEC
added 2022/08/31 12:0 a.m. | 2 views

The vulnerability of the Infrastructure sub-component of the Oracle FLEXCUBE Universal Banking banking analytics system’s simulation model allows a perpetrator to gain access to read, modify, add, or delete data.

The vulnerability of the Infrastructure sub-component of the Oracle FLEXCUBE Universal Banking banking analytics system’s simulation model exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify...

CVSS 6.6 | AI score 6.9 | EPSS 0.00536
Exploits 0 | References 3 | Affected Software 1

CVE
added 2022/08/17 8:15 p.m. | 67 views

CVE-2022-2338

Softing Secure Integration Server V1.22 is affected by an authentication bypass vulnerability caused by cleartext transmission over HTTP that enables a machine-in-the-middle attack to capture a session cookie and authenticate to the server. Affected components include Secure Integration Server an...

CVSS 5.7 | AI score 5.8 | EPSS 0.00187
Exploits 0 | References 2 | Affected Software 6

BDU FSTEC
added 2022/07/06 12:0 a.m. | 1 view

The vulnerability of component ADF Faces in the Oracle Jdeveloper development environment allows a perpetrator to execute arbitrary code or gain full control over the application.

The vulnerability of component ADF Faces in the Oracle Jdeveloper development environment relates to the restoration of unreliable data structures in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely or gain full control over the application using the HTT...

CVSS 10 | AI score 7.6 | EPSS 0.6201
Exploits 1 | References 4 | Affected Software 1

BDU FSTEC
added 2022/06/23 12:0 a.m. | 4 views

The vulnerability of the Outside In Filters component within the Oracle Outside In Technology SDK allows a hacker to trigger a service failure.

The vulnerability of the Outside In Filters component within the Oracle Outside In Technology SDK set is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to trigger a service failure using the HTTP protocol...

CVSS 7.8 | AI score 7.5 | EPSS 0.01063
Exploits 0 | References 3 | Affected Software 1

BDU FSTEC
added 2022/06/23 12:0 a.m. | 4 views

The vulnerability of the Cluster: JS module component of the Oracle MySQL Cluster database management system allows a hacker to cause a service failure.

The vulnerability of the Cluster: JS module component of the Oracle MySQL Cluster database management system exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service interruptions using the HTTP protocol over the network...

CVSS 4.3 | AI score 6.3 | EPSS 0.01659
Exploits 0 | References 4 | Affected Software 1

BDU FSTEC
added 2022/06/23 12:0 a.m. | 4 views

The vulnerability of the Tools and Frameworks component of the Oracle Commerce Guided Search search engine and the Oracle Commerce Experience Manager user environment management tool allows a perpetrator to gain access to and modify data.

The vulnerability of the Tools and Frameworks component of the Oracle Commerce Guided Search system, as well as the Oracle Commerce Experience Manager user environment management tool, exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to ga...

CVSS 5.4 | AI score 6.6 | EPSS 0.00511
Exploits 0 | References 3 | Affected Software 2

BDU FSTEC
added 2022/06/23 12:0 a.m. | 3 views

The vulnerability of the Analytics Web General component of the Oracle Business Intelligence Enterprise Edition software platform allows a hacker to gain full control over the application.

The vulnerability of the Analytics Web General component of the Oracle Business Intelligence Enterprise Edition software exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain full control over the application throug...

CVSS 10 | AI score 7.7 | EPSS 0.81366
Exploits 0 | References 4 | Affected Software 1

BDU FSTEC
added 2022/06/17 12:0 a.m. | 4 views

The vulnerability of the SDK client integration component of the Oracle Advanced Outbound Telephony component of the Oracle E-Business Suite allows a malicious actor to gain access to read, modify, add, or delete data.

The vulnerability of the SDK client integration component of the Oracle Advanced Outbound Telephony component of the Oracle E-Business Suite exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read,...

CVSS 8.5 | AI score 7.5 | EPSS 0.00931
Exploits 0 | References 3 | Affected Software 1

BDU FSTEC
added 2022/06/17 12:0 a.m. | 4 views

The vulnerability of the Email Marketing Stand-Alone component of the Oracle Siebel CRM system allows a hacker to modify data or gain unauthorized access to the device.

The vulnerability of the Search component in Oracle Siebel CRM’s customer relationship management system exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to modify, add, or delete data, or gain unauthorized access to the...

CVSS 6.1 | AI score 6.8 | EPSS 0.00934
Exploits 0 | References 3 | Affected Software 1

BDU FSTEC
added 2022/06/15 12:0 a.m. | 5 views

The vulnerability of the Outside In Filters component within the Oracle Outside In Technology SDK allows a hacker to trigger a service failure.

The vulnerability of the Outside In Filters component within the Oracle Outside In Technology SDK set is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to trigger a service failure using the HTTP protocol...

CVSS 7.8 | AI score 7.5 | EPSS 0.01142
Exploits 0 | References 3 | Affected Software 1

BDU FSTEC
added 2022/06/15 12:0 a.m. | 4 views

The vulnerability of the Core server component of Oracle WebLogic Server, a software platform of Oracle Fusion Middleware, allows an intruder to gain unauthorized access to protected information.

The vulnerability of the Core server component of Oracle WebLogic Server, a software platform of Oracle Fusion Middleware, is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected...

CVSS 5.3 | AI score 7.2 | EPSS 0.01646
Exploits 0 | References 3 | Affected Software 1

BDU FSTEC
added 2022/06/15 12:0 a.m. | 3 views

The vulnerability of the User Interface sub-component of the Oracle Collaborative Planning component of the Oracle E-Business Suite allows a perpetrator to access and modify data.

The vulnerability of the User Interface sub-component of the Oracle Collaborative Planning product, a business automation system within the Oracle E-Business Suite, exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to...

CVSS 8.5 | AI score 7.7 | EPSS 0.00987
Exploits 0 | References 3 | Affected Software 1

BDU FSTEC
added 2022/06/15 12:0 a.m. | 4 views

The vulnerability of the Person Search component of the Oracle PeopleSoft Enterprise HCM Shared Components application allows a hacker to modify, add, or delete data, or to gain unauthorized access to protected information.

The vulnerability of the Person Search component of the Oracle PeopleSoft Enterprise HCM Shared Components application exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to modify, add, or delete data, or gain unauthoriz...

CVSS 8.5 | AI score 6.9 | EPSS 0.00901
Exploits 0 | References 3 | Affected Software 1

OSV
added 2022/05/27 4:23 a.m. | 7 views

OPENSUSE-SU-2022:0148-1 Security update for varnish

This update for varnish fixes the following issues: varnish was updated to release 7.1.0 (boo#1195188, CVE-2022-23959). VCL: It is now possible to assign a BLOB value to a BODY variable, in addition to STRING as before. VMOD: New STRING strftime(TIME time, STRING format) function for UTC formatting...

CVSS 9.1 | AI score 7.9 | EPSS 0.01957
Exploits 0 | References 6

ATTACKERKB
added 2022/05/20 1:15 p.m. | 3 views

CVE-2022-24045

A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The application, after a successful login, sets the session cookie on the browser...

CVSS 6.5 | AI score 5.5 | EPSS 0.00537
Exploits 0 | References 2