The vulnerability of the Territory Administration sub-component of the Oracle Territory Management component of the Oracle E-Business Suite allows a perpetrator to gain access to modify, add, or delete data.

The vulnerability of the Territory Administration sub-component of the Oracle Territory Management component in the Oracle E-Business Suite system is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to modify, add...

Debian: Security Advisory (DLA-1858-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2017-11578

CVE-2017-11578 affects the Blipcare wireless blood pressure monitor. The device exposes its web management interface over plain HTTP (non-SSL), allowing an attacker on the same wireless network to conduct a MITM and sniff the user’s Wi‑Fi credentials. The impact is disclosure of credentials witho...

vulners NSE Script

For each available CPE the script prints out known vulns links to the correspondent info and correspondent CVSS scores. Its work is pretty simple: work only when some software version is identified for an open port take all the known CPEs for that software from the standard nmap -sV output make a...

CVE-2018-16618

VTech Storio Max before 56.D3JM6 allows remote command execution via shell metacharacters in an Android activity name. It exposes the storeintenttranslate.x service on port 1668 listening for requests on localhost. Requests submitted to this service are checked for a string of random characters...

Command injection

VTech Storio Max before 56.D3JM6 allows remote command execution via shell metacharacters in an Android activity name. It exposes the storeintenttranslate.x service on port 1668 listening for requests on localhost. Requests submitted to this service are checked for a string of random characters...

CVE-2018-16618

VTech Storio Max before 56.D3JM6 allows remote command execution via shell metacharacters in an Android activity name. It exposes the storeintenttranslate.x service on port 1668 listening for requests on localhost. Requests submitted to this service are checked for a string of random characters...

CVE-2018-16618

VTech Storio Max devices running before 56.D3JM6 are affected by CVE-2018-16618. An exposed storeintenttranslate.x service on localhost:1668 accepts requests that combine random characters with an Android activity name; the activity name is inserted into a shell command. By injecting shell metach...

WebLogic Server re-aeration at high risk 0 day vulnerability-a vulnerability warning-the black bar safety net

6 May 11, Ali cloud security team found WebLogic CVE-2019-2725 patch to bypass the 0day vulnerabilities, and First Time reported in Oracle official, 6 January 12, get Oracle official confirmation. Since Oracle has not yet released an official patch, vulnerability details and real PoC are not...

Fedora Update for wget FEDORA-2019-7a0497cbc2

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

PT-2019-12099 · Rockwell Automation · Compactlogix 5370 +2

Name of the Vulnerable Software and Affected Versions: CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers versions 20 through 30 and earlier. Description: An attacker could send a crafted HTTP/HTTPS request to render th...

The vulnerability of the Service Enablement component in the JD Edwards World Technical Foundation software package allows a malicious individual to gain unauthorized access to protected data.

The vulnerability of the Service Enablement component in the JD Edwards World Technical Foundation package is related to access control deficiencies. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected data using the HTTP protocol...

The vulnerability of the Advanced UI sub-component of the integrated customer service platform for Internet applications, Oracle WebCenter Sites, allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the Advanced UI sub-component of the integrated customer service platform for Internet applications, Oracle WebCenter Sites, is related to lack of access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to...

The vulnerability of the Fluid sub-component of the PeopleSoft Enterprise PeopleTools business application suite from Oracle PeopleSoft allows a hacker to gain access to modify, add, or delete data.

The vulnerability of the Fluid sub-component of the PeopleSoft Enterprise PeopleTools business application suite, developed by Oracle PeopleSoft Products, is related to access control deficiencies. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to modify...

The vulnerability of the Preference sub-component of the Oracle CRM Technical Foundation component of the Oracle E-Business Suite allows a perpetrator to gain unauthorized access to protected data.

The vulnerability of the Preference sub-component of the Oracle CRM component in the Oracle E-Business Suite system is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected data using the HTTP...

The vulnerability of the Attachments sub-component of the Oracle iSupplier Portal component in the Oracle E-Business Suite system, which allows a malicious individual to access data for modification, addition, or deletion.

The vulnerability of the Attachments sub-component of the Oracle iSupplier Portal component in the Oracle E-Business Suite enterprise automation system is related to lack of access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to modify,...

The vulnerability of the Fabric Layer sub-component of the software package for building and deploying service-oriented architecture, Oracle SOA Suite, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Fabric Layer sub-component of the software package for building and deploying service-oriented architecture of Oracle SOA Suite is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized...

WebLogic Server exposure to high-risk remote command execution 0 day vulnerability-a vulnerability warning-the black bar safety net

Recently, Ali cloud security team monitored, by the National information security vulnerabilities sharing platform CNVD）included in the Oracle WebLogic wls9-async deserialization remote command execution vulnerability CNVD-C-2019-48814 be attacker, the unauthorized remote execution command. The...

The vulnerability of the Outside In Filters sub-component of the Oracle Outside In Technology software development kit (SDK). This vulnerability allows a malicious actor to gain unauthorized access to protected information or cause partial service disruption.

The vulnerability of the Outside In Filters sub-component of the Oracle Outside In Technology SDK is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information or cause a partial servic...

The vulnerability of the Print Server sub-component of the Oracle One-to-One Fulfillment component of the Oracle E-Business Suite allows a malicious actor to gain access to modify, add, or delete data.

The vulnerability of the Print Server sub-component of the Oracle One-to-One Fulfillment component in the Oracle E-Business Suite is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to modify, add, or delete data...