
1161 matches found

BDU FSTEC
added 2023/01/30 12:0 a.m. | 0 views

The vulnerability of the WebUI user interface of the Oracle Primavera Gateway integration platform allows a malicious individual to gain unauthorized access to read, modify, or delete data.

The vulnerability of the WebUI user interface of the Oracle Primavera Gateway data integration platform is related to insufficient validation of entered data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to read, modify, or delete data usi...

CVSS 6.4 | EPSS 0.00337
Exploits: 0 | References: 3 | Affected Software: 1

Microsoft CVE
added 2023/01/26 8:0 a.m. | 1 view

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).

...

CVSS 2.7 | AI score 6.3 | EPSS 0.00232
Exploits: 0

RedHat Linux
added 2023/01/23 6:2 p.m. | 4 views

OpenJDK: soundbank URL remote loading (Sound, 8293742)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Sound. Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploi...

CVSS 3.7 | AI score 7.3 | EPSS 0.00104
Exploits: 0 | References: 4

OSV
added 2023/01/10 4:15 a.m. | 1 view

CVE-2023-0017

An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.50, due to improper access control, can attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data on the current...

CVSS 9.8 | AI score 7.3
Exploits: 0 | References: 2

OSV
added 2022/12/13 4:15 p.m. | 2 views

CVE-2022-45936

A vulnerability has been identified in Mendix Email Connector All versions V2.0.0. Affected versions of the module improperly handle access control for some module entities. This could allow authenticated remote attackers to read and manipulate sensitive information...

CVSS 8.1 | AI score 5.8 | EPSS 0.00207
Exploits: 0 | References: 1

OSV
added 2022/12/13 3:15 a.m. | 1 view

CVE-2022-41271

An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration PI - version 7.50. This user can make use of an open naming and directory API to access services that could perform unauthorized operations. The vulnerability...

CVSS 9.4 | AI score 5.8 | EPSS 0.00844
Exploits: 0 | References: 2

NVD
added 2022/11/28 1:15 p.m. | 9 views

CVE-2022-36193

SQL injection in School Management System 1.0 allows remote attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries...

CVSS 9.8 | EPSS 0.01988
Exploits: 1 | References: 2

Prion
added 2022/11/28 1:15 p.m. | 15 views

SQL injection

SQL injection in School Management System 1.0 allows remote attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries...

CVSS 7.5 | AI score 9.7 | EPSS 0.01988
Exploits: 1 | References: 2 | Affected Software: 1

CNNVD
added 2022/11/28 12:0 a.m. | 10 views

School-Management-System SQL injection vulnerability

School-Management-System is a school management system by the individual developer Lahiru Danushka. School-Management-System version 1.0 suffers from a SQL injection vulnerability that originates from allowing remote attackers to modify or delete data via malicious SQL queries...

CVSS 9.8 | AI score 8.6 | EPSS 0.01988
Exploits: 1 | References: 3

CVE
added 2022/11/28 12:0 a.m. | 48 views

CVE-2022-36193

CVE-2022-36193 affects School Management System (version 1.0). The vulnerability is a SQL injection that enables remote attackers to modify or delete data via malicious SQL queries, leading to persistent changes in application content/behavior. Concrete details across connected sources confirm th...

CVSS 9.8 | AI score 9.8 | EPSS 0.01988
Exploits: 1 | References: 2 | Affected Software: 1

NCSC
added 2022/11/02 12:0 a.m. | 1 view

Vulnerability fixed in FortiMail

FortiNet has fixed a vulnerability in FortiMail. A malicious person with admin rights in a private, possibly self-hosted configured domain is able to read and modify system information for a domain for which it is not authorized. FortiNet has released updates to fix the vulnerability in...

CVSS 6.5 | AI score 6.9 | EPSS 0.00187
Exploits: 0

RedHat Linux
added 2022/10/25 9:10 a.m. | 4 views

mysql: InnoDB unspecified vulnerability (CPU Jul 2022)

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of th...

CVSS 5 | AI score 7.3 | EPSS 0.00396
Exploits: 0 | References: 4

RedHat Linux
added 2022/10/25 9:10 a.m. | 3 views

mysql: Server: Options unspecified vulnerability (CPU Oct 2021)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Options. Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVSS 5 | AI score 7.3 | EPSS 0.0022
Exploits: 0 | References: 4

ATTACKERKB
added 2022/10/18 9:15 p.m. | 1 view

CVE-2022-39404

Vulnerability in the MySQL Installer product of Oracle MySQL component: Installer: General. Supported versions that are affected are 1.6.3 and prior. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Installer executes to compromise MyS...

CVSS 4.2 | AI score 6.5 | EPSS 0.00134
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2022/09/21 1:15 p.m. | 9 views

CVE-2022-3255

If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can: Perform any action within the application that the user can perform. View any information that the user is able to view. Modify...

CVSS 6.8 | EPSS 0.00011
Exploits: 1 | References: 2

RedHat Linux
added 2022/09/14 1:47 p.m. | 0 views

mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2022)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVSS 5.5 | AI score 7.3 | EPSS 0.00393
Exploits: 0 | References: 4

OSV
added 2022/09/13 8:15 p.m. | 2 views

CVE-2022-32244

Under certain conditions an attacker authenticated as a CMS administrator can access the BOE Commentary database and retrieve non-personal system data, modify system data but can't make the system unavailable. This needs the attacker to have high privilege access to the same physical/logical network ...

CVSS 5.2 | AI score 5.8 | EPSS 0.00193
Exploits: 0 | References: 2

BDU FSTEC
added 2022/09/07 12:0 a.m. | 0 views

The vulnerability of the User Interface sub-component of the Oracle WebCenter Sites Support Tools software platform allows a malicious individual to gain unauthorized access to read, modify, or add data, or to cause service interruptions.

The vulnerability of the User Interface sub-component of the Oracle WebCenter Sites Support Tools software platform exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to read, modify, or add...

CVSS 7.3 | EPSS 0.00535
Exploits: 0 | References: 3 | Affected Software: 1

BDU FSTEC
added 2022/09/07 12:0 a.m. | 1 view

The vulnerability of the Infrastructure component of the Oracle Banking Trade Finance software allows a perpetrator to gain unauthorized access to read, modify, or add data, or to cause a service failure.

The vulnerability of the Infrastructure component of the Oracle Banking Trade Finance software exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to read, modify, or add data, or cause a service...

CVSS 6.8 | EPSS 0.01377
Exploits: 0 | References: 3 | Affected Software: 1

BDU FSTEC
added 2022/08/24 12:0 a.m. | 0 views

The vulnerability of the CAS server of General Bytes Crypto Application Server, related to the manipulation of inter-site requests, allows a hacker to create a user with admin privileges and modify any data on the server at will.

The vulnerability of the CAS server of General Bytes Crypto Application Server is related to the manipulation of inter-site requests. Exploiting this vulnerability allows a malicious actor to create a user with admin privileges and modify any data on the server at will...

CVSS 9.4 | AI score 5.5
Exploits: 0 | References: 1 | Affected Software: 1