
1081 matches found

Cvelist
added 2020/12/11 12:51 a.m., 16 views

CVE-2020-28217

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 firmware 2.7 and older, that would allow an attacker to read network traffic over HTTP protocol...

7.4 AI score, 0.00576 EPSS
Exploits: 0, References: 2

CVE
added 2020/12/11 12:51 a.m., 66 views

CVE-2020-28217

Schneider Electric Easergy T300 firmware 2.7 and earlier is affected by CVE-2020-28217 (Missing Encryption of Sensitive Data) in the IEC60870-5-104 communication path. The NVD/NVD-derived entry indicates vulnerability to reading network traffic due to lack of encryption, with a CVSSv3 base score ...

7.5 CVSS, 7.3 AI score, 0.00576 EPSS
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2020/12/11 12:51 a.m., 64 views

CVE-2020-28216

CVE-2020-28216 affects Schneider Electric Easergy T300 with firmware version 2.7 and earlier. The root cause is Missing Encryption of Sensitive Data (CWE-311), allowing an attacker to read network traffic over HTTP. The vulnerability impact includes exposure of sensitive information via HTTP traf...

7.5 CVSS, 7.3 AI score, 0.005 EPSS
Exploits: 0, References: 2, Affected Software: 1

CNVD
added 2020/12/09 12:0 a.m., 8 views

Unspecified Vulnerability in Schneider Electric Easergy T300

Easergy T300 is a new generation intelligent terminal for distribution network automation, which is designed with the concept of "Modularity, Flexibility, and Application Oriented", and can be widely used in medium voltage distribution network management, fault location, isolation, and restoratio...

7.5 CVSS, 6.7 AI score, 0.005 EPSS
Exploits: 0, References: 1

BDU FSTEC
added 2020/11/24 12:0 a.m., 3 views

The vulnerability of the System Wide Java environment for creating, integrating, and managing applications within the Oracle Utilities Framework allows a perpetrator to gain unauthorized access to protected information or to modify, add, or delete data.

The vulnerability of the System Wide Java environment used for creating, integrating, and managing applications within the Oracle Utilities Framework is related to lack of access control. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information, o...

5.5 CVSS, 6.6 AI score, 0.0076 EPSS
Exploits: 0, References: 2, Affected Software: 1

BDU FSTEC
added 2020/11/12 12:0 a.m., 3 views

The vulnerability of the Console component of the Oracle WebLogic Server application server allows an attacker to gain full control over the application.

The vulnerability of the Console component of the Oracle WebLogic Server application lies in insufficient validation of input data. Exploiting this vulnerability allows an attacker, operating remotely, to gain full control over the application using the HTTP protocol...

10 CVSS, 8 AI score, 0.99997 EPSS
Exploits: 41, References: 5, Affected Software: 1

BDU FSTEC
added 2020/11/12 12:0 a.m., 2 views

The vulnerability of the Core component of the real-time payment processing software in Oracle Banking Payments allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Core component of the real-time payment processing software in Oracle Banking Payments is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information using...

6.8 CVSS, 6.9 AI score, 0.01508 EPSS
Exploits: 0, References: 3, Affected Software: 1

Microsoft CVE
added 2020/11/11 12:0 a.m., 3 views

Some HTTP/2 implementations are vulnerable to a header leak potentially leading to a denial of service

...

7.5 CVSS, 9.3 AI score, 0.57461 EPSS
Exploits: 0

BDU FSTEC
added 2020/11/10 12:0 a.m., 3 views

The vulnerability of the Print Server component of the Oracle One-to-One Fulfillment application in the Oracle E-Business Suite allows a perpetrator to gain unauthorized access to protected information or to modify, add, or delete data.

The vulnerability of the Print Server component of the Oracle One-to-One Fulfillment application in the Oracle E-Business Suite is related to insufficient validation of input data. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to protected...

8.5 CVSS, 7.7 AI score, 0.01241 EPSS
Exploits: 0, References: 3, Affected Software: 1

BDU FSTEC
added 2020/11/10 12:0 a.m., 5 views

The vulnerability of the Marketing Administration component of the Oracle Marketing platform in the Oracle E-Business Suite allows a perpetrator to gain unauthorized access to protected information or to modify, add, or delete data.

The vulnerability of the Marketing Administration component of Oracle’s marketing platform relates to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information or to modify, add, or delete...

8.5 CVSS, 7.7 AI score, 0.01241 EPSS
Exploits: 0, References: 3, Affected Software: 1

BDU FSTEC
added 2020/11/10 12:0 a.m., 4 views

The vulnerability of the IQR-Foundation component of the Oracle Hyperion BI+ service allows an intruder to gain unauthorized access to protected information.

The vulnerability of the IQR-Foundation component of the Oracle Hyperion BI+ service is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information via the HTTP network protocol...

2.1 CVSS, 6.2 AI score, 0.00806 EPSS
Exploits: 0, References: 3, Affected Software: 1

BDU FSTEC
added 2020/11/05 12:0 a.m., 4 views

The vulnerability of the Diagnostics component of the Oracle Application Object Library in the Oracle E-Business Suite system allows a perpetrator to gain access to modify, add, or delete data.

The vulnerability of the Diagnostics component of the Oracle Application Object Library in the Oracle E-Business Suite automation system relates to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to gain access to and modify, add, or delete data using...

5 CVSS, 6.5 AI score, 0.00973 EPSS
Exploits: 0, References: 3, Affected Software: 1

BDU FSTEC
added 2020/11/05 12:0 a.m., 2 views

The vulnerability of the Oracle Applications Manager component, a tool for application management in the Oracle E-Business Suite, allows an attacker to gain unauthorized access to protected information.

The vulnerability of the Oracle Applications Manager component, a tool for application management in the Oracle E-Business Suite, relates to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected...

5.3 CVSS, 6.6 AI score, 0.01237 EPSS
Exploits: 0, References: 3, Affected Software: 1

BDU FSTEC
added 2020/11/05 12:0 a.m., 3 views

The vulnerability of the User Interface component of the Oracle Trade Management application, a part of the Oracle E-Business Suite, allows an attacker to gain unauthorized access to protected information or to modify, add, or delete data.

The vulnerability of the User Interface component of the Oracle Trade Management application, part of the Oracle E-Business Suite, is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information or to...

8.5 CVSS, 7.7 AI score, 0.0146 EPSS
Exploits: 0, References: 3, Affected Software: 1

BDU FSTEC
added 2020/11/02 12:0 a.m., 2 views

The vulnerability of the General component of the Oracle REST Data Services service allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the General component of the Oracle REST Data Services is related to security mechanism failures. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information via the HTTP network protocol...

4.3 CVSS, 6.4 AI score, 0.00948 EPSS
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2020/10/12 2:15 p.m., 2 views

DEBIAN-CVE-2020-13943

If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection in violation of the HTTP/2 protocol, it was possible that a subsequent request made on that connection could...

4.3 CVSS, 6.8 AI score, 0.57286 EPSS
Exploits: 0, References: 1

Prion
added 2020/10/02 3:15 p.m., 39 views

Information disclosure

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like Host confused with cookies that decode to such prefix, thus leading to an attacker being...

5 CVSS, 6.2 AI score, 0.04969 EPSS
Exploits: 2, References: 15, Affected Software: 6

BDU FSTEC
added 2020/09/18 12:0 a.m., 3 views

The vulnerability of the Workbench search system of Oracle Commerce Guided Search and the Oracle Commerce Experience Manager, a tool for managing the user environment, allows an attacker to gain access to modify, add, or delete data, or to gain unauthorized access to protected information.

The vulnerability of the Workbench search engine component of Oracle Commerce Guided Search and the Oracle Commerce Experience Manager user environment management tool exists due to insufficient validation of input data. Exploiting this vulnerability may allow an attacker, operating remotely, to...

7.4 CVSS, 7.3 AI score, 0.01596 EPSS
Exploits: 0, References: 2, Affected Software: 2

BDU FSTEC
added 2020/09/18 12:0 a.m., 3 views

The vulnerability of the Marketing Administration sub-component of the Oracle Marketing component in the Oracle E-Business Suite system allows a malicious actor to gain access to modify, add, or delete data.

The vulnerability of the Marketing Administration sub-component of the Oracle Marketing component in the Oracle E-Business Suite exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to access and modify, add, or delete data...

4.7 CVSS, 6.4 AI score, 0.00985 EPSS
Exploits: 0, References: 3, Affected Software: 1

Kitploit
added 2020/09/13 11:30 a.m., 52 views

HTTP-revshell - Powershell Reverse Shell Using HTTP/S Protocol With AMSI Bypass And Proxy Aware

HTTP-revshell is a tool focused on redteam exercises and pentesters. This tool provides a reverse connection through the http/s protocol. It uses a covert channel to gain control over the victim machine through web requests and thus evade solutions such as IDS, IPS and AV. Help server.py unisessio...

7.3 AI score
Exploits: 0, References: 3