403 matches found
CVE-2014-2029
The automatic version check functionality in the tools in Percona Toolkit 2.1 allows man-in-the-middle attackers to obtain sensitive information or execute arbitrary code by leveraging use of HTTP to download configuration information from v.percona.com...
CVE-2017-12250
A vulnerability in the HTTP web interface for Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an HTTP Application Optimization (AO) related process to restart, causing a partial denial of service (DoS) condition. The vulnerability is due to lack of...
CVE-2017-10247
Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: HTML Area). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...
CVE-2017-10205
Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Enterprise Management Console). The supported version that is affected is 2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Orac...
CVE-2017-10019
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
avs-aggregatebau.de XSS vulnerability
Open Bug Bounty ID: OBB-262748. Affected Website: avs-aggregatebau.de. Vulnerable Application: Custom Code. Vulnerability Type: XSS (Cross Site Scripting) / CWE-79. CVSSv3 Score: 6.1...
Weblate: Email verification over an unencrypted channel
Hey guys, when registering for an account, the confirmation email that is sent out has an HTTP link (refer to the attachment), which allows a man-in-the-middle attacker to take over the account. He can do the following: - Obtain the confirmation tokens while transmitting to the weblate infra and redirect the user...
CVE-2017-3520
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Core). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...
Oracle VM VirtualBox < 5.0.32 / < 5.1.14 - Privilege Escalation Exploit
Exploit for linux platform in category local exploits. Overview: System affected: VirtualBox; Software-Version: prior to 5.0.32, prior to 5.1.14; User-Interaction: Required; Impact: A Man-In-The-Middle could infiltrate an Extension-Pack-Update to gain a root-shell. Detailed description: I...
CVE-2017-3370
Vulnerability in the Oracle iSupport component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSupport...
CVE-2017-3263
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Team Member). Supported versions that are affected are 8.2, 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily exploitable vulnerability allows low privileged attacker with...
Design/Logic Flaw
Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with...
MGASA-2017-0019 Updated golang package fixes security vulnerability
The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given "maxMemory" limit. It was possible for an attacker to generate a multipart request crafted such that the server ran out of file descriptors...
CVE-2016-10138
An issue was discovered on BLU Advance 5.0 and BLU R1 HD devices with Shanghai Adups software. The com.adups.fota.sysoper app is installed as a system app and cannot be disabled by the user. In the com.adups.fota.sysoper app's AndroidManifest.xml file, it sets the android:sharedUserId attribute t...
VX Search Enterprise Server <= 9.0.26 Buffer Overflow Vulnerability - Active Check
VX Search Enterprise Server is prone to a buffer overflow vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
golang: HTTP request smuggling in net/http library
HTTP-request vulnerabilities have been found in the Golang net/http and net/textproto libraries. Request headers with double Content-Length fields do not generate a 400 error (the second field is ignored), and invalid fields are parsed as valid (for example, "Content Length:" with a space in the...
Denial of Service Vulnerability in OMRON CP1W-C1F41 Module HTTP Service
OMRON CP1H-XA40DT-D is a compact PLC from OMRON Japan, widely used in manufacturing industry. CP1W-C1F41 is an Ethernet module for CP1H-XA40DT-D PLC. A denial of service vulnerability exists in the HTTP protocol of the CP1W-C1F41 module. After establishing a link with port 80 of the CP1W-C1F41 via...
Php Utility Belt Multiple Vulnerabilities
Php Utility Belt is prone to multiple vulnerabilities. CPE = "cpe:/a:phputilitybelt:php";...
Mitsubishi Electric MELSEC FX3G PLC Device Resource Management Error Vulnerability
The Mitsubishi Electric MELSEC FX3G PLC is a programmable logic controller (PLC) product of the MELSEC FX series from Mitsubishi Electric Japan. A security vulnerability exists in the HTTP application of the Mitsubishi Electric MELSEC FX3G PLC device for products prior to the 2015.4 date. A remote...
yemen.gov.ye XSS vulnerability
Open Bug Bounty ID: OBB-70740. Affected Website: yemen.gov.ye. Vulnerable Application: Custom Code. Vulnerability Type: XSS (Cross Site Scripting) / CWE-79. CVSSv3 Score: 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Remediation Guide: OWASP XSS Prevention Cheat Sheet...