
1072 matches found

BDU FSTEC
added 2020/05/08 12:0 a.m. · 0 views

The vulnerability of the Miscellaneous component of the Oracle Scripting environment for creating and processing scripts allows an attacker to gain access to modify, add, or unauthorizedly access sensitive information using the HTTP protocol.

The vulnerability of the Miscellaneous component of the Oracle Scripting environment for creating and processing scripts is related to lack of access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to modify, add, or unauthorizedly access protect...

8.2 CVSS · 0.01495 EPSS
Exploits 0 · References 3 · Affected Software 1
OSV
added 2020/04/30 9:15 p.m. · 2 views

CVE-2020-5875

On BIG-IP 15.0.0-15.0.1 and 14.1.0-14.1.2.3, under certain conditions, the Traffic Management Microkernel (TMM) may generate a core file and restart while processing SSL traffic with an HTTP/2 full proxy...

7.5 CVSS · 5.8 AI score · 0.00647 EPSS
Exploits 0 · References 1
RedHat Linux
added 2020/04/28 3:45 p.m. · 81 views

Moderate: Red Hat Security Advisory: curl security update

An update for curl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...

9.8 CVSS · 6.7 AI score · 0.15484 EPSS
Exploits 1 · References 5
Positive Technologies
added 2020/04/14 12:0 a.m. · 3 views

PT-2020-2531 · Oracle · Oracle Business Intelligence Enterprise Edition

Name of the Vulnerable Software and Affected Versions: Oracle Business Intelligence Enterprise Edition versions 5.5.0.0.0 through 12.2.1.4.0 Description: The issue is related to insufficient access control in the Analytics Web General component of Oracle Business Intelligence Enterprise Edition...

9.8 CVSS · 9 AI score · 0.84522 EPSS
Exploits 1 · References 7
Positive Technologies
added 2020/04/14 12:0 a.m. · 3 views

PT-2020-3471 · Oracle · JD Edwards EnterpriseOne Tools

Name of the Vulnerable Software and Affected Versions: JD Edwards EnterpriseOne Tools version 9.2 Description: The issue is related to inadequate access control in the Monitoring and Diagnostics component of JD Edwards EnterpriseOne Tools, allowing an unauthenticated attacker with network access...

9.8 CVSS · 9.2 AI score · 0.86929 EPSS
Exploits 0 · References 7
RedHat Linux
added 2020/03/26 3:46 p.m. · 3 views

HTTP/2: flood using HEADERS frames results in unbounded memory growth

A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RST_STREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

7.8 CVSS · 7.1 AI score · 0.09322 EPSS
Exploits 0 · References 9
Securelist
added 2020/03/24 10:0 a.m. · 34 views

WildPressure targets industrial-related entities in the Middle East

In August 2019, Kaspersky discovered a malicious campaign distributing a fully fledged C++ Trojan that we call Milum. All the victims we registered were organizations from the Middle East. At least some of them are related to industrial sector. Our Kaspersky Threat Attribution Engine (KTAE) doesn't...

7.3 AI score
Exploits 0
Hacker One
added 2020/03/21 7:34 p.m. · 17 views

PlayStation: SSRF chained to hit internal host leading to another SSRF which allows to read internal images.

Report Summary: We found an SSRF at https://image.api.np.km.playstation.net/ Vulnerable endpoints: /images , /dis/images. using image GET parameter. Description This endpoint allows us to fetch a remote image over HTTP protocol using the image GET parameter and convert them to the desired format...

6.9 AI score
Exploits 0
OSV
added 2020/03/19 6:15 p.m. · 2 views

CVE-2019-16067

NETSAS Enigma NMS 65.0.0 and prior utilises basic authentication over HTTP for enforcing access control to the web application. The use of weak authentication transmitted over cleartext protocols can allow an attacker to steal username and password combinations by intercepting authentication...

7.5 CVSS · 7.1 AI score
Exploits 0 · References 1
NVD
added 2020/03/19 6:15 p.m. · 9 views

CVE-2019-16067

NETSAS Enigma NMS 65.0.0 and prior utilises basic authentication over HTTP for enforcing access control to the web application. The use of weak authentication transmitted over cleartext protocols can allow an attacker to steal username and password combinations by intercepting authentication...

7.5 CVSS · 7.7 AI score · 0.00153 EPSS
Exploits 1 · References 1
Kitploit
added 2020/03/07 9:30 p.m. · 126 views

HTTP Asynchronous Reverse Shell - Asynchronous Reverse Shell Using The HTTP Protocol

Today there are many ways to create a reverse shell in order to be able to remotely control a machine through a firewall. Indeed, outgoing connections are not always filtered. However, security software and hardware (IPS, IDS, Proxy, AV, EDR...) are more and more powerful and can detect these attack...

7 AI score
Exploits 0 · References 4
BDU FSTEC
added 2020/02/17 12:0 a.m. · 0 views

The vulnerability of the Login component of the Oracle Hospitality Opera 5 software, which allows a hacker to gain access to modify, add, or delete data, or to unauthorizedly access protected information.

The vulnerability of the Oracle Hospitality Opera 5 software for managing hotel resources is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker operating remotely to modify, add, or delete data, or gain unauthorized access to protected information usi...

7.5 CVSS · 0.00451 EPSS
Exploits 0 · References 3 · Affected Software 1
Hacker One
added 2020/02/11 6:51 a.m. · 26 views

Open-Xchange: SSRF - Guard - Unchecked HKP servers

Description: When encrypting an email, one of strategies to lookup recipient's encryption key is to contact a HKP keyserver specified in DNS records of recipient's domain. Specifically it is DNS SRV records for _hkps._tcp. and _hkp._tcp., which specify hostname and port of the keyserver. In source cod...

0.7 AI score
Exploits 0
BDU FSTEC
added 2020/02/11 12:0 a.m. · 0 views

The vulnerability of the Outside In Filters component within the Oracle Outside In Technology SDK allows a malicious actor to gain unauthorized access to protected information or cause service failures.

The vulnerability of the Outside In Filters component within the Oracle Outside In Technology SDK is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information or cause service failures using the HTTP...

7.5 CVSS · 0.00926 EPSS
Exploits 0 · References 3 · Affected Software 1
BDU FSTEC
added 2020/02/11 12:0 a.m. · 0 views

The vulnerability of the UIF Open UI component of the Siebel UI Framework allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the UIF Open UI component of the Siebel UI Framework is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information using the HTTP protocol...

5.3 CVSS · 0.01287 EPSS
Exploits 0 · References 3 · Affected Software 1
BDU FSTEC
added 2020/02/11 12:0 a.m. · 0 views

The vulnerability of the EAI component of the Siebel UI Framework allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the EAI component of the Siebel UI Framework is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information using the HTTP protocol...

5.3 CVSS · 0.01373 EPSS
Exploits 0 · References 3 · Affected Software 1
BDU FSTEC
added 2020/02/11 12:0 a.m. · 0 views

The vulnerability of the Console component of Oracle WebLogic Server allows a perpetrator to gain access to modify, add, or delete data.

The vulnerability of the Console component of Oracle WebLogic Server is related to deficiencies in access control. Exploiting this vulnerability allows an attacker, operating remotely, to gain access to modify, add, or delete data using the HTTP protocol...

4.3 CVSS · 0.0122 EPSS
Exploits 0 · References 2 · Affected Software 1
BDU FSTEC
added 2020/02/11 12:0 a.m. · 0 views

The vulnerability of the Outside In Filters component within the Oracle Outside In Technology SDK allows a malicious actor to gain unauthorized access to protected information or cause service failures.

The vulnerability of the Outside In Filters component within the Oracle Outside In Technology SDK is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information or cause service failures using the HTTP...

6.5 CVSS · 0.0121 EPSS
Exploits 0 · References 3 · Affected Software 1
BDU FSTEC
added 2020/02/06 12:0 a.m. · 0 views

The vulnerability of the Application Service Level Mgmt component of the Enterprise Manager Base Platform allows attackers to access data for modification, addition, or deletion, gain unauthorized access to protected information, or cause service failures.

The vulnerability of the Application Service Level Mgmt component of the Enterprise Manager Base Platform is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to modify, add, or delete data, gain unauthorized access to protected...

8 CVSS · 0.00445 EPSS
Exploits 0 · References 2 · Affected Software 1
BDU FSTEC
added 2020/02/06 12:0 a.m. · 0 views

The vulnerability of the Configuration Standard Framework component of the Enterprise Manager Base Platform allows a perpetrator to gain access to modify, add, or delete data, to gain unauthorized access to protected information, or to cause service failures.

The vulnerability of the Configuration Standard Framework component of the Enterprise Manager Base Platform is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to modify, add, or delete data, gain unauthorized access to protecte...

8 CVSS · 0.00445 EPSS
Exploits 0 · References 2 · Affected Software 1