CVE-2022-38122
UPSMON PRO transmits sensitive data in cleartext over HTTP protocol. An unauthenticated remote attacker can exploit this vulnerability to access sensitive data...
Design/Logic Flaw
UPSMON PRO transmits sensitive data in cleartext over HTTP protocol. An unauthenticated remote attacker can exploit this vulnerability to access sensitive data...
CVE-2022-38122
The CVE-2022-38122 issue affects UPSMON PRO (Powercom) and is caused by transmitting sensitive data in cleartext over HTTP. The vulnerability can be exploited by an unauthenticated remote attacker to access sensitive information. Public references describe this risk and assign a high severity (CV...
CVE-2022-38122 POWERCOM CO., LTD. UPSMON PRO - Cleartext Transmission of Sensitive Information
UPSMON PRO transmits sensitive data in cleartext over HTTP protocol. An unauthenticated remote attacker can exploit this vulnerability to access sensitive data...
Exploit for CVE-2022-21907
CVE-2022-21907 | Description: POC for CVE-2022-2...
Denial of Service (DoS)
Overview: Microsoft.AspNetCore.App.Runtime.linux-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service (DoS) when the Kestrel web server...
OpenJDK: missing SNI caching in HTTP/2 (Networking, 8289366)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerabilit...
Webile 1.0.1 Directory Traversal
Document Title: Webile v1.0.1 - Directory Traversal Web Vulnerability | References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2320 | Release Date: 2022-10-10 | Vulnerability Laboratory ID (VL-ID): 232...
Password Manager For IIS 2.0 Cross Site Scripting
Exploit Title: XSS | Exploit Author: VP4TR10T | Vendor Homepage: http://passwordmanager.adiscon.com/en/manual/ | Software Link: http://passwordmanager.adiscon.com/ | Version: Version 2.0 | Tested on: WINDOWS | CVE: CVE-2022-36664 | Affected URI when trying to change user password: POST /isapi/PasswordManager.dl...
Session_id without Secure attribute
Description: The user's session ID cookie has the Secure attribute set to false. This vulnerability allows the user's cookies to be sent to the server in an unencrypted request over the HTTP protocol. Proof of Concept: Open the browser and access the minarca website; for this scenario I have used the demo/test...
Session_id without Secure attribute
Description: The user's session ID cookie has the Secure attribute set to false. This vulnerability allows the user's cookies to be sent to the server in an unencrypted request over the HTTP protocol. Proof of Concept: Open the browser and access the website; in this scenario I use the demo website. Check the cooki...
The vulnerability of the Infrastructure component of the Oracle Banking Trade Finance software allows a perpetrator to gain unauthorized access to read, modify, or add data, or to cause a service failure.
The vulnerability of the Infrastructure component of the Oracle Banking Trade Finance software exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to read, modify, or add data, or cause a service...
The vulnerability of the Infrastructure component of the Oracle Banking Trade Finance software allows a perpetrator to gain read access to data and modify it.
The vulnerability of the Infrastructure component of the Oracle Banking Trade Finance software exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify, add, or delete data using the HTTP protoco...
The vulnerability of the Infrastructure sub-component of the Oracle FLEXCUBE Universal Banking banking analytics system’s simulation model allows a perpetrator to gain access to read, modify, add, or delete data.
The vulnerability of the Infrastructure sub-component of the Oracle FLEXCUBE Universal Banking banking analytics system’s simulation model exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify...
CVE-2022-2338
Softing Secure Integration Server V1.22 is affected by an authentication bypass vulnerability caused by cleartext transmission over HTTP that enables a machine-in-the-middle attack to capture a session cookie and authenticate to the server. Affected components include Secure Integration Server an...
The vulnerability of the ADF Faces component in the Oracle JDeveloper development environment allows a perpetrator to execute arbitrary code or gain full control over the application.
The vulnerability of the ADF Faces component in the Oracle JDeveloper development environment relates to the restoration of unreliable data structures in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely or gain full control over the application using the HTT...
The vulnerability of the Analytics Web General component of the Oracle Business Intelligence Enterprise Edition software platform allows a hacker to gain full control over the application.
The vulnerability of the Analytics Web General component of the Oracle Business Intelligence Enterprise Edition software exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain full control over the application throug...