Lucene search
K

298 matches found

ptsecurity
ptsecurity
added 2024/05/30 12:0 a.m.4 views

PT-2024-40076 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: Typo3 affected versions not specified Description: A cross-site scripting issue has been found in the handling of t3:// URL and typolink functionality. This affects not only regular backend forms but also frontend extensions that use renderin...

6.1CVSS6.3AI score
Exploits0References7
nessus
nessus
added 2024/02/13 12:0 a.m.29 views

TYPO3 8.0.0 < 8.7.57 ELTS / 9.0.0 < 9.5.46 ELTS / 10.0.0 < 10.4.43 ELTS / 11.0.0 < 11.5.35 / 12.0.0 < 12.4.11 / 13.0.1 (TYPO3-CORE-SA-2024-005)

The version of TYPO3 installed on the remote host is prior to 8.0.0 8.7.57 ELTS / 9.0.0 9.5.46 ELTS / 10.0.0 10.4.43 ELTS / 11.0.0 11.5.35 / 12.0.0 12.4.11 / 13.0.1. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2024-005 advisory. - TYPO3 is an open source PHP...

4.3CVSS5.1AI score0.00548EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2023/12/07 12:0 a.m.7 views

PT-2023-9842

Name of the Vulnerable Software and Affected Versions Oracle WebLogic Server version 12.2.1.4.0 Oracle WebLogic Server version 14.1.1.0.0 Description A flaw in the Core component of Oracle WebLogic Server, part of Oracle Fusion Middleware, is caused by insufficient input validation and a...

7.8CVSS8.2AI score0.49689EPSS
Exploits3References81
ptsecurity
ptsecurity
added 2023/12/07 12:0 a.m.5 views

PT-2023-9637 · Oracle · Oracle Weblogic Server

Name of the Vulnerable Software and Affected Versions: Oracle WebLogic Server versions 12.2.1.4.0 through 14.1.1.0.0 Description: The issue is related to insufficient protection of internal data in the Oracle WebLogic Server Core component. This can be exploited by a remote attacker to gain...

7.8CVSS8AI score0.00441EPSS
Exploits0References6
bdu_fstec
bdu_fstec
added 2023/10/20 12:0 a.m.6 views

The vulnerability of the Core server component of Oracle WebLogic Server allows a hacker to gain full control over the application.

The vulnerability of the Core server component of Oracle WebLogic Server is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain full control over the application through the use of network protocols T3 and IIOP...

8.1CVSS7.4AI score0.00512EPSS
Exploits0References4Affected Software1
bdu_fstec
bdu_fstec
added 2023/10/19 12:0 a.m.7 views

The vulnerability of the Core server component of Oracle WebLogic Server allows a hacker to execute arbitrary code.

The vulnerability of the Core server component of Oracle WebLogic Server is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely by injecting specially crafted messages via T3 and IIOP protocols...

10CVSS8.2AI score0.0075EPSS
Exploits0References4Affected Software1
osv
osv
added 2023/10/17 10:15 p.m.6 views

CVE-2023-22072

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful...

9.8CVSS7.3AI score0.00625EPSS
Exploits0References1
prion
prion
added 2023/10/17 10:15 p.m.26 views

Design/Logic Flaw

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful...

7.5CVSS9.4AI score0.00625EPSS
Exploits0References1Affected Software1
prion
prion
added 2023/10/17 10:15 p.m.17 views

Code injection

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic...

5CVSS7.3AI score0.00562EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2023/10/17 12:0 a.m.4 views

PT-2023-6206 · Oracle · Oracle Weblogic Server

Name of the Vulnerable Software and Affected Versions: Oracle WebLogic Server version 12.2.1.3.0 Description: The issue is related to insufficient input validation in the Core component of Oracle WebLogic Server, allowing an unauthenticated attacker with network access via T3, IIOP to compromise...

10CVSS8.9AI score0.00625EPSS
Exploits0References13
ptsecurity
ptsecurity
added 2023/10/17 12:0 a.m.8 views

PT-2023-6174 · Oracle · Oracle Weblogic Server

Name of the Vulnerable Software and Affected Versions: Oracle WebLogic Server versions 12.2.1.4.0 through 14.1.1.0.0 Description: The issue is related to errors in handling input data in the Oracle WebLogic Server Core component. This can be exploited by a remote attacker to execute arbitrary cod...

9.8CVSS9.3AI score0.0075EPSS
Exploits0References10
cnnvd
cnnvd
added 2023/10/17 12:0 a.m.5 views

Oracle Fusion Middleware Security Vulnerability

Oracle Fusion Middleware Oracle Fusion Middleware and Oracle WebLogic Server are both products of Oracle Corporation.Oracle Fusion Middleware is a business innovation platform for enterprise and cloud environments. The platform provides middleware, software collections, and more.Oracle WebLogic...

7.5CVSS6.7AI score0.00562EPSS
Exploits0References3
cnnvd
cnnvd
added 2023/10/17 12:0 a.m.6 views

Oracle Fusion Middleware Security Vulnerability

Oracle Fusion Middleware Oracle Fusion Middleware and Oracle WebLogic Server are both products of Oracle Corporation.Oracle Fusion Middleware is a business innovation platform for enterprise and cloud environments. The platform provides middleware, software collections, and more.Oracle WebLogic...

8.1CVSS6.7AI score0.00512EPSS
Exploits0References3
nessus
nessus
added 2023/10/03 12:0 a.m.33 views

Sprecher Automation SPRECON-E TCP SACK PANIC (CVE-2019-11479)

Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kerne...

7.5CVSS6.5AI score0.9166EPSS
Exploits1References4
nessus
nessus
added 2023/10/03 12:0 a.m.30 views

Sprecher Automation SPRECON-E TCP SACK PANIC (CVE-2019-11478)

Jonathan Looney discovered that the TCP retransmission queue implementation in tcpfragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment SACK sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel...

7.5CVSS6.6AI score0.94686EPSS
Exploits1References4
nessus
nessus
added 2023/10/03 12:0 a.m.35 views

Sprecher Automation SPRECON-E TCP SACK PANIC (CVE-2019-11477)

Jonathan Looney discovered that the TCPSKBCBskb-tcpgsosegs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments SACKs. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182,...

7.8CVSS7.2AI score0.98745EPSS
Exploits4References4
openbugbounty
openbugbounty
added 2023/06/12 5:56 p.m.14 views

pm1.t3.gsic.titech.ac.jp Cross Site Scripting vulnerability OBB-3419994

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
nvd
nvd
added 2023/06/01 6:15 a.m.41 views

CVE-2022-4332

In Sprecher Automation SPRECON-E-C/P/T3 CPU in variant PU244x a vulnerable firmware verification has been identified. Through physical access and hardware manipulation, an attacker might be able to bypass hardware-based code verification and thus inject and execute arbitrary code and gain full...

6.8CVSS6.9AI score0.00335EPSS
Exploits1References1
prion
prion
added 2023/06/01 6:15 a.m.13 views

Design/Logic Flaw

In Sprecher Automation SPRECON-E-C/P/T3 CPU in variant PU244x a vulnerable firmware verification has been identified. Through physical access and hardware manipulation, an attacker might be able to bypass hardware-based code verification and thus inject and execute arbitrary code and gain full...

4.6CVSS7AI score0.00335EPSS
Exploits1References1
cvelist
cvelist
added 2023/06/01 5:36 a.m.40 views

CVE-2022-4332 Sprecher: Vulnerable firmware verification

In Sprecher Automation SPRECON-E-C/P/T3 CPU in variant PU244x a vulnerable firmware verification has been identified. Through physical access and hardware manipulation, an attacker might be able to bypass hardware-based code verification and thus inject and execute arbitrary code and gain full...

6.8CVSS7.1AI score0.00335EPSS
Exploits1References1
Rows per page
Query Builder