1367 matches found
A vulnerability in the OXI component of the Oracle Hospitality Opera 5 hotel resource management software allows a hacker to modify data, cause partial service interruptions, or gain unauthorized access to the device.
The vulnerability of the OXI software component for managing hotel resources in Oracle Hospitality Opera 5 exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to modify data remotely, cause partial service interruptions, or gain unauthorized...
A vulnerability in the Forms component of the Oracle Clinical Remote Data Capture system allows an intruder to disclose protected information.
The vulnerability of the Forms component in the Oracle Clinical Remote Data Capture system exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to disclose protected information remotely...
EC-CUBE plugin "NEXT ENGINE Integration Plugin (for EC-CUBE 2.0 series)" vulnerable to authentication bypass
Overview: EC-CUBE plugin "NEXT ENGINE Integration Plugin for EC-CUBE 2.0 series" provided by NE Inc. contains an authentication bypass vulnerability (CWE-287). TSUKADA Nobuhisa of Seasoft reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
CVE-2023-21993
Vulnerability in the Oracle Clinical Remote Data Capture product of Oracle Health Sciences Applications component: Forms. The supported version that is affected is 5.4.0.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Clinical...
DEBIAN-CVE-2023-21938
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploi...
Buffer overflow
Vulnerability in the Oracle Clinical Remote Data Capture product of Oracle Health Sciences Applications component: Forms. The supported version that is affected is 5.4.0.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Clinical...
CVE-2023-21993
CVE-2023-21993 affects Oracle Clinical Remote Data Capture (Oracle Health Sciences Applications), component Forms, with vulnerable version 5.4.0.2. The issue is a network-accessible, low-privilege flaw that can lead to unauthorized data access (CVSS v3.1 base score 6.5, Confidentiality impact). P...
PT-2023-2526 · Oracle · Oracle Database Server
Name of the Vulnerable Software and Affected Versions: Oracle Database Server versions 19c and 21c Description: The issue is related to insufficient input validation in the Java VM component of the Oracle Database Server. This can be exploited by a remote attacker to gain read, modify, add, or...
A vulnerability in Hitachi Vantara Pentaho Business Analytics Server stems from deficiencies in its report-generation mechanism and allows attackers to gain unauthorized access to protected information.
The vulnerability of Hitachi Vantara Pentaho Business Analytics Server relates to deficiencies in the mechanism for generating error reports. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
A vulnerability in the Docker-based data storage system for APM monitoring in IBM Instana Observability allows an attacker to gain access to read or modify data.
The vulnerability of the Docker-based data storage solution for APM monitoring in IBM Instana Observability involves a lack of authentication for critical functions. Exploiting this vulnerability could allow an attacker operating remotely to gain access to read or modify data...
CVE-2020-9009
The ShipStation.com plugin 1.1 and earlier for CS-Cart allows remote attackers to insert arbitrary information into the database via action=shipnotify because access to this endpoint is completely unchecked. The attacker must guess an order number...
ShipStation security vulnerability
ShipStation is an e-commerce retail order carrier processing and shipping software from ShipStation. A security vulnerability exists in ShipStation version 1.1 and prior versions that stems from unchecked access to an endpoint, allowing a remote attacker to insert arbitrary information into the...
What is Cloud Mining and How Does it Work?
By Owais Sultan. Cloud mining is a way for you to purchase mining power from a remote data centre. Cloud mining… This is a post from HackRead.com. Read the original post: What is Cloud Mining and How Does it Work?...
CVE-2023-26774
An issue found in Sales Tracker Management System v.1.0 allows a remote attacker to access sensitive information via sales.php component of the admin/reports endpoint...
PT-2023-11804
Name of the Vulnerable Software and Affected Versions: Tailor Management System version 1 Description: A SQL injection issue allows a remote attacker to execute arbitrary code via the title parameter. This enables the attacker to potentially access or modify sensitive data. Recommendations: For Tailo...
GHSA-MWQ8-FJPF-C2GR Prototype pollution in matrix-js-sdk (part 2)
Impact: In certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the Object.prototype, disrupting matrix-js-sdk functionality, causing denial of service and potentially affecting program logic. This is part 2, where...
CVE-2022-43650
This vulnerability allows remote attackers to disclose sensitive information on affected installations of RARLAB WinRAR 6.11.0.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2022-43610
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...