
31 matches found

Hacker One
added 2022/02/28 5:57 p.m., 15 views

Alohi: Waitlist bypass for accessing SIGN.PLUS Beta

During SIGN.PLUS beta phase, it was found out that hackers could trick the API response and pretend to have been accepted into the beta program. All server operations would be blocked, but the UI client would be accessible, exposing the work-in-progress design to non-beta users. There was no...

2.6 AI score
Exploits: 0

NVD
added 2020/05/04 7:15 p.m., 21 views

CVE-2020-5335

RSA Archer, versions prior to 6.7 P2 6.7.0.2, contain a cross-site request forgery vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to send arbitrary requests to the vulnerable application to perform server...

8.8 CVSS, 6.9 AI score, 0.00457 EPSS
Exploits: 0, References: 1

OSV
added 2020/05/04 7:15 p.m., 4 views

CVE-2020-5335

RSA Archer, versions prior to 6.7 P2 6.7.0.2, contain a cross-site request forgery vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to send arbitrary requests to the vulnerable application to perform server...

8.8 CVSS, 7.4 AI score, 0.00457 EPSS
Exploits: 0, References: 1

Prion
added 2020/05/04 7:15 p.m., 15 views

Cross site request forgery (csrf)

RSA Archer, versions prior to 6.7 P2 6.7.0.2, contain a cross-site request forgery vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to send arbitrary requests to the vulnerable application to perform server...

6.8 CVSS, 8.6 AI score, 0.00457 EPSS
Exploits: 0, References: 1, Affected Software: 1

BDU FSTEC
added 2016/05/05 12:0 a.m., 8 views

The vulnerability of the MySQL database management system allows attackers to compromise the integrity and accessibility of information.

The vulnerability of the MySQL database management system is related to errors in the code. Exploiting this vulnerability allows a malicious actor to affect the integrity and accessibility of information by interfering with the DML operations on the server...

4.9 CVSS, 7.1 AI score, 0.01426 EPSS
Exploits: 0, References: 2, Affected Software: 1

BDU FSTEC
added 2015/12/15 12:0 a.m., 5 views

The vulnerability of Oracle Siebel CRM’s system for managing customer relationships allows attackers to compromise the confidentiality of information.

The vulnerability of the Siebel Core component – the Server OM Svcs part of the Oracle Siebel CRM system’s customer relationship management system – is related to code errors. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality of sensitive information...

3.5 CVSS, 6.6 AI score, 0.01295 EPSS
Exploits: 0, References: 2, Affected Software: 1

BDU FSTEC
added 2015/12/15 12:0 a.m., 4 views

The vulnerability of the Oracle Siebel CRM system’s customer relationship management system allows attackers to compromise the confidentiality of customer information.

The vulnerability of the Siebel Core component – the Server OM Svcs part of the Oracle Siebel CRM system’s customer relationship management system – is related to code errors. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality of sensitive information...

4.3 CVSS, 6.6 AI score, 0.01667 EPSS
Exploits: 0, References: 2, Affected Software: 1

ATTACKERKB
added 2015/01/21 6:59 p.m., 2 views

CVE-2015-0387

Unspecified vulnerability in the Siebel Core - Server OM Services component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via vectors related to Security - LDAP Security Adapter...

4 CVSS, 5.6 AI score, 0.01113 EPSS
Exploits: 0, References: 5

Tenable Nessus
added 2011/05/23 12:0 a.m., 34 views

Vanilla Forum p Parameter Local File Inclusion

The remote web server hosts Vanilla Forums, an open source forum software written in PHP. The installed version of Vanilla Forums uses a '/' character in the 'AnalyzeRequest' method in 'library/core/class.dispatcher.php' to separate input passed via the 'p' parameter of the 'index.php' script int...

5.9 AI score
Exploits: 0, References: 2

Packet Storm
added 2008/08/22 12:0 a.m., 24 views

netbeware.txt

Novell Netware 6.5 Remote Manager HTML Injection Exploit Username: Password: Example -- Username: "var ex=new ActiveXObject"WScript.Shell";ex.run'cmd.exe /C ver';...

7.4 AI score
Exploits: 0

securityvulns
added 2000/08/24 12:0 a.m., 34 views

Xato Advisory: FrontPage DOS Device DoS

Xato Network Security, Inc. www.xato.net Security Advisory XATO-082000-01 August 17, 2000 FRONTPAGE SERVER EXTENSIONS SHTML.EXE DENIAL OF SERVICE --DOS Device DoS--...

6.8 AI score
Exploits: 0