1161 matches found
Improper Access Control
Oracle MySQL is vulnerable to denial of service (DoS) attacks. A remote user could exploit a flaw in the Server: Memcached component to partially modify data and cause denial of service conditions, leading to a frequently repeatable crash on the target system...
CVE-2019-2707
Vulnerability in the PeopleSoft Enterprise ELM Enterprise Learning Management component of Oracle PeopleSoft Products (subcomponent: Application Search). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...
CVE-2019-2629
Vulnerability in the Oracle Health Sciences Data Management Workbench component of Oracle Health Sciences Applications (subcomponent: User Interface). The supported version that is affected is 2.4.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...
CVE-2019-2557
Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite (subcomponent: Load Testing for Web Apps). The supported version that is affected is 13.3.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...
CVE-2018-3314
Vulnerability in the MICROS Relate CRM Software component of Oracle Retail Applications (subcomponent: Customer). The supported version that is affected is 11.4. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS Relate CRM Software...
CVE-2018-3312
Vulnerability in the Oracle Retail Customer Engagement component of Oracle Retail Applications (subcomponent: Segment). Supported versions that are affected are 16.0 and 17.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Retail...
Joomla JCalPro Calendar 4.3.26 SQL Injection
Exploit Title : Joomla JCalPro Calendar Components 4.3.26 SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 31/01/2019 Vendor Homepage : joomlashack.com anything-digital.com Software Download Link : joomlashack.com/joomla-extensions/jcal/ Software...
Vulnerability of the sub-component’s overview page/report rendering in the Oracle E-Business Intelligence component of the Oracle E-Business Suite. This component is used for automating business processes within enterprises. It allows attackers to gain access to modify, add, or delete data.
The vulnerability of the sub-component’s overview page/report rendering in Oracle E-Business Intelligence, a system for automating business processes within the Oracle E-Business Suite, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating...
The vulnerability of the Learner Administration component in Oracle iLearning’s corporate learning management system allows a hacker to gain access to modify, add, or delete data.
The vulnerability of the Learner Administration component in Oracle iLearning’s enterprise learning management system is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to remotely gain access to modify, add, or delete data using the HTTP...
The vulnerability of the User Interface sub-component of the Oracle Trade Management component in the Oracle E-Business Suite allows a perpetrator to gain access to modify, add, or delete data.
The vulnerability of the User Interface component of the Oracle Trade Management component in the Oracle E-Business Suite is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to modify, add, or delete data...
The vulnerability of the Oracle Applications Framework component of the Oracle E-Business Suite, a system for automating business activities, allows a perpetrator to gain access to modify, add, or delete data.
The vulnerability of the Oracle Applications Framework component of the Oracle E-Business Suite system for automating business operations is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to modify, add, or dele...
CVE-2019-2499
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Search Functionality). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...
CVE-2019-2442
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Core). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
CVE-2018-3304
Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite (subcomponent: Load Testing for Web Apps). Supported versions that are affected are 12.5.0.3, 13.1.0.1, 13.2.0.1 and 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker...
CVE-2018-3305
Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite (subcomponent: Load Testing for Web Apps). Supported versions that are affected are 12.5.0.3, 13.1.0.1, 13.2.0.1 and 13.3.0.1. Easily exploitable vulnerability allows low privileged attacker...
Prototype Override Protection Bypass
qs is vulnerable to prototype override protection bypass. It is possible for an attacker to bypass the protection and overwrite prototype properties and functions by prefixing the name of the parameter with or . Overwriting these properties on the object prototype can impact application logic,...
Bakeshop Inventory System SQL Injection Vulnerability
Bakeshop Inventory System is a bakery inventory management system. A SQL injection vulnerability exists in Bakeshop Inventory System version 1.0. A remote attacker can use the login page to view, add, modify, or delete information in the back-end database...
CVE-2018-7926
Huawei Watch 2 with versions and earlier than OWDD.180707.001.E1 have an improper authorization vulnerability. Due to improper permission configuration for specific operations, an attacker who obtained the Huawei ID bound to the watch can bypass permission verification to perform specific...
The vulnerability of the ION memory distribution subsystem of the Android operating system allows a hacker to modify data on the device and gain root privileges.
The vulnerability of the ION memory distribution subsystem of the Android operating system is related to deficiencies in access control between applications and the operating system. Exploiting this vulnerability allows a remote attacker to modify data on the device and gain root privileges throu...
High severity vulnerability that affects org.apache.hbase:hbase
Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper coordination state, which allows remote attackers to cause a denial of service (daemon outage), obtai...