
1161 matches found

Cvelist
added 2021/06/01 11:24 a.m. | 10 views

CVE-2021-27828

SQL injection in In4Suite ERP 3.2.74.1370 allows attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries...

AI score: 9.8 | EPSS: 0.00883
Exploits: 2 | References: 2

0day.today
added 2021/05/19 12:0 a.m. | 39 views

In4Suit ERP 3.2.74.1370 - (txtLoginId) SQL injection Vulnerability

Exploit Title: In4Suit ERP 3.2.74.1370 - 'txtLoginId' SQL injection
Exploit Author: Gulab Mondal
Vendor Homepage: https://www.in4velocity.com/in4suite-erp.html
Version: In4Suite ERP 3.2.74.1370
Tested on: Windows
SQL injection in In4Suite ERP 3.2.74.1370...

AI score: 0.3
Exploits: 0

BDU FSTEC
added 2021/05/19 12:0 a.m. | 1 view

The vulnerability of the Rules Framework component of the Oracle Financial Services Analytical Applications Infrastructure software allows a perpetrator to gain read access to data or modify data.

The vulnerability of the Rules Framework component of the Oracle Financial Services Analytical Applications Infrastructure software exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain read access to data or modify...

CVSS: 6.1 | EPSS: 0.008
Exploits: 0 | References: 3 | Affected Software: 1

Packet Storm
added 2021/05/19 12:0 a.m. | 135 views

In4Suit ERP 3.2.74.1370 SQL Injection

Exploit Title: In4Suit ERP 3.2.74.1370 - 'txtLoginId' SQL injection
Date: 18/05/2021
Exploit Author: Gulab Mondal
Vendor Homepage: https://www.in4velocity.com/in4suite-erp.html
Version: In4Suite ERP 3.2.74.1370
Tested on: Windows
SQL injection in In4Suite...

AI score: 0.2
Exploits: 0

BDU FSTEC
added 2021/05/12 12:0 a.m. | 1 view

The vulnerability of the Quotes component in the Oracle Trade Management application of the Oracle E-Business Suite allows a malicious actor to gain access to modify, add, or delete data, as well as to gain unauthorized access to protected information.

The vulnerability of the Quotes component in the Oracle Trade Management application of the Oracle E-Business Suite is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to modify, add, or delete data, as well as gain unauthorized...

CVSS: 8.2 | EPSS: 0.01691
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2021/05/12 12:0 a.m. | 3 views

The vulnerability of the Admin component of Oracle Advanced Collections, a component of the Oracle E-Business Suite, allows an attacker to gain access to modify, add, or delete data, as well as to gain unauthorized access to protected information.

The vulnerability of the Admin component in Oracle Advanced Collections, a component of the Oracle E-Business Suite, relates to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to modify, add, or delete data, as well as gain unauthorized...

CVSS: 8.1 | EPSS: 0.01221
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2021/05/12 12:0 a.m. | 1 view

The vulnerability of the Home Page component of the Oracle Applications Framework allows a perpetrator to gain access to modify, add, or delete data, or to gain full control over the application.

The vulnerability of the Home Page component of the Oracle Applications Framework is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to modify, add, or delete data, or to gain full control over the applicati...

CVSS: 9.4 | EPSS: 0.01723
Exploits: 0 | References: 3 | Affected Software: 1

BDU FSTEC
added 2021/05/12 12:0 a.m. | 2 views

The vulnerability of the Price Book component in the Oracle Advanced Pricing application of the Oracle E-Business Suite allows a malicious actor to gain access to modify, add, or delete data, as well as to gain unauthorized access to protected information.

The vulnerability of the Price Book component in the Oracle Advanced Pricing application of the Oracle E-Business Suite is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to modify, add, or delete data, as well as gain...

CVSS: 8.1 | EPSS: 0.01221
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2021/05/05 12:0 a.m. | 3 views

The vulnerability of the iRecruitment component of the Oracle Human Resources workforce management software allows a hacker to gain access to data for editing, adding, or deleting.

The vulnerability of the iRecruitment component of the Oracle Human Resources staffing management software is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to modify, add, or delete data using the HTTP protocol...

CVSS: 9.4 | EPSS: 0.01221
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2021/04/22 10:15 p.m. | 3 views

CVE-2021-2267

Vulnerability in the Oracle Labor Distribution product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Labor Distribution...

CVSS: 8.1 | AI score: 6.8 | EPSS: 0.01221
Exploits: 0 | References: 1

OSV
added 2021/04/22 10:15 p.m. | 1 view

CVE-2021-2220

Vulnerability in the PeopleSoft Enterprise SCM eProcurement product of Oracle PeopleSoft component: Manage Requisition Status. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft...

CVSS: 5.4 | AI score: 6.7 | EPSS: 0.00255
Exploits: 0 | References: 1

OSV
added 2021/04/22 10:15 p.m. | 2 views

CVE-2021-2150

Vulnerability in the Oracle iStore product of Oracle E-Business Suite component: Shopping Cart. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore...

CVSS: 8.2 | AI score: 6.8 | EPSS: 0.01595
Exploits: 0 | References: 1

BDU FSTEC
added 2021/04/13 12:0 a.m. | 1 view

The vulnerability of the TCP/IP protocol implementation in the Stack Trace stack allows a perpetrator to gain access to modify, add, or delete data.

The vulnerability of the TCP/IP protocol implementation in the Trace stack is related to integer overflows. Exploiting this vulnerability allows a remote attacker to gain access to modify, add, or delete data...

CVSS: 7.5 | EPSS: 0.03445
Exploits: 1 | References: 4 | Affected Software: 1

Prion
added 2021/04/08 3:15 p.m. | 15 views

Improper access control

zzcms 201910 contains an access control vulnerability through escalation of privileges in /user/adv.php, which allows an attacker to modify data for further attacks such as CSRF...

CVSS: 7.5 | AI score: 9.5 | EPSS: 0.0012
Exploits: 1 | References: 1 | Affected Software: 1

OSV
added 2021/04/08 4:15 a.m. | 0 views

CVE-2021-1399

A vulnerability in the Self Care Portal of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to modify data on an affected system without proper authorization. The...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.0007
Exploits: 0 | References: 1

Prion
added 2021/04/08 4:15 a.m. | 17 views

Authorization

A vulnerability in the Self Care Portal of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to modify data on an affected system without proper authorization. The...

CVSS: 4 | AI score: 4.5 | EPSS: 0.0007
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2021/04/01 12:0 a.m. | 3 views

Rockwell Automation FactoryTalk AssetCentre security vulnerability

Rockwell Automation FactoryTalk AssetCentre is an asset management software tool from Rockwell Automation that allows manufacturers and industrial companies to centrally manage controllers and other automation-related assets. An unspecified vulnerability exists in Rockwell Automation FactoryTalk...

CVSS: 10 | AI score: 5.7 | EPSS: 0.00094
Exploits: 0 | References: 5

OSV
added 2021/03/29 8:15 p.m. | 1 view

CVE-2021-26714

The Enterprise License Manager portal in Mitel MiContact Center Enterprise before 9.4 could allow a user to access restricted files and folders due to insufficient access control. A successful exploit could allow an attacker to view and modify application data via Directory Traversal...

CVSS: 9.8 | AI score: 5.8
Exploits: 0 | References: 1

CNNVD
added 2021/03/25 12:0 a.m. | 2 views

ClusterLabs Hawk security vulnerability

ClusterLabs Hawk is a ClusterLabs open source application. It is used to manage and monitor Pacemaker HA clusters. ClusterLabs Hawk has a security vulnerability that allows an attacker to bypass access restrictions to read or modify data using chmod...

CVSS: 7.8 | AI score: 7.3 | EPSS: 0.00028
Exploits: 1 | References: 3

CNNVD
added 2021/03/10 12:0 a.m. | 1 view

IBM DB2 security vulnerability

IBM DB2 is a relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBMi, z/OS, and Windows server versions. A security vulnerability exists in IBM DB2, which can be exploited by an attacker to bypass access...

CVSS: 8.4 | AI score: 5.9 | EPSS: 0.00287
Exploits: 0 | References: 21