90 matches found
GFI Mail Archiver 15.1 - Telerik UI Component Arbitrary File Upload (Unauthenticated) Exploit
Exploit Title: GFI Mail Archiver 15.1 - Telerik UI Component Arbitrary File Upload Unauthenticated Exploit Author: Amin Bohio Original Research & Code By: Paul Taylor / Foregenix Ltd Original Exploit: https://github.com/bao7uo/RAUcrypto Vendor Homepage: https://www.gfi.com Software Link:...
GFI Mail Archiver 15.1 - Telerik UI Component Arbitrary File Upload (Unauthenticated)
Exploit Title: GFI Mail Archiver 15.1 - Telerik UI Component Arbitrary File Upload Unauthenticated Date: 21/03/2021 Exploit Author: Amin Bohio Original Research & Code By: Paul Taylor / Foregenix Ltd Original Exploit: https://github.com/bao7uo/RAUcrypto Vendor Homepage: https://www.gfi.com Softwa...
The vulnerability of the Advanced UI component in Oracle WebCenter Sites, which allows a hacker to disclose protected information
The vulnerability of the Advanced UI component of the Oracle WebCenter Sites customer service application relates to the lack of protection for operational data. Exploiting this vulnerability could allow a malicious actor to disclose sensitive information through HTTP requests...
Design/Logic Flaw
Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced...
Security Bulletin: A vulnerability in IBM WebSphere Application Server and WebSphere Liberty affects IBM Operations Analytics Predictive Insights (CVE-2018-1901)
Summary There is a vulnerability in IBM WebSphere Application Server and WebSphere Liberty that are used by IBM Operations Analytics Predictive Insights 1.3.6 and earlier versions. IBM Operations Analytics Predictive Insights has addressed the applicable CVE. This issue was also addressed by IBM...
Deserialization of untrusted data
A vulnerability in the Web UI component of Avaya Aura System Platform could allow a remote, unauthenticated user to perform a targeted deserialization attack that could result in remote code execution. Affected versions of System Platform includes 6.3.0 through 6.3.9 and 6.4.0 through 6.4.2...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Operations Analytics - Predictive Insights (CVE-2015-7575)
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 Service Refresh 9 Fix Pack 20 that is used by IBM Operations Analytics - Predictive Insights. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and includes the vulnerability...
Oracle Siebel Remote Vulnerability (CNVD-2017-00909)
Oracle Siebel CRM is the United States Oracle Oracle company's set of customer relationship management solutions , which includes sales management , marketing management , customer service systems , call centers and other modules.Siebel UI Framework is one of the framework components based on the...
[SECURITY] Fedora 23 Update: python-django-horizon-2015.1.4-1.fc23
Horizon is a Django application for providing Openstack UI components. It allows performing site administrator viewing account resource usage, configuring users, accounts, quotas, flavors, etc. and end user operations start/stop/delete instances, create/restore snapshots, view instance VNC consol...
[SA20145] Sybase EAServer JPasswordField Password Disclosure
TITLE: Sybase EAServer JPasswordField Password Disclosure SECUNIA ADVISORY ID: SA20145 VERIFY ADVISORY: http://secunia.com/advisories/20145/ CRITICAL: Not critical IMPACT: Exposure of sensitive information WHERE: Local system SOFTWARE: Sybase EAServer 5.x http://secunia.com/product/5398/...