Design/Logic Flaw

Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications subcomponent: Miscellaneous. Supported versions that are affected are 12.0.0 and 12.1.0. Easily "exploitable" vulnerability allows low privileged attacker with network access via HTTP to...

CVE-2017-3543

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware subcomponent: Server. Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to...

CVE-2017-3464

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DDL. Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protoco...

Oracle Automatic Service Request Remote Vulnerability

Automatic Service Request ASR is an "Oracle Support Service" that provides automatic case generation in the event of common hardware component failures. A remote vulnerability exists in Oracle Automatic Service Request. An attacker can exploit the vulnerability to compromise the "ASR Manager"...

Mozilla: Out-of-bounds read in ConvolvePixel (MFSA 2017-11, MFSA 2017-12)

An out-of-bounds read while processing SVG content in "ConvolvePixel". This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and...

Oracle PeopleSoft ToolsRelease / ToolsReleaseDB / HCM SSRF Vulnerabilities

Oracle PeopleSoft ToolsRelease version 8.55.03, ToolsReleaseDB version 8.55, and HCM version 9.2 suffer from a server-side request forgery vulnerability. Application: Oracle PeopleSoft Versions Affected: ToolsRelease: 8.55.03; ToolsReleaseDB: 8.55; PeopleSoft HCM 9.2 Vendor URL: http://oracle.com...

UBUNTU-CVE-2017-5465

An out-of-bounds read while processing SVG content in "ConvolvePixel". This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and...

CVE-2017-3468

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Security: Encryption. Supported versions that are affected are 5.7.17 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...

CVE-2017-3329

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Thread Pooling. Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via...

VirtualBox Guest-To-Host Out-Of-Bounds Write Exploit

Exploit for multiple platform in category dos / poc VirtualBox: guest-to-host out-of-bounds write via virtio-net CVE-2017-3575 This is a vulnerability that affects VirtualBox VMs that use a virtio network adapter which is a non-standard configuration. It permits the guest kernel to write up to 4G...

PT-2017-16654 · Apache +2 · Apache Batik +2

Name of the Vulnerable Software and Affected Versions: Apache Batik versions prior to 1.9 Description: The issue allows arbitrary users to reveal files on the server's filesystem by sending maliciously formed SVG files. The types of files that can be accessed depend on the user context in which t...

UBUNTU-CVE-2017-5662

In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a ful...

China Knowledge CAJViewer reader suffers from dll hijacking vulnerability

China Knowledge CAJViewer Reader is a specialized full-text format reader for China Journal Network. China Knowledge CAJViewer Reader has a dll hijacking vulnerability, the vulnerability is due to China Knowledge CAJViewer Reader CAJVieweru.exe component is not safe to load the library file, an...

TYPO3 CMS news management module SQL injection vulnerability analysis with exp-a vulnerability warning-the black bar safety net

Foreword By POST, to send orderByAllowed and orderBy, we will be able to control part of the SQL statement and get the injection vulnerabilities. The body The news module is TYPO3（Typo3 content management system the most commonly used one of the modules, and now will be subject toSQL...

CVE-2017-7725

concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "canonical" URL on installation of concrete5 using the "Advanced Options" settings. Remote attackers can make a GET request with any domain name in the Host header; this is stored...

CVE-2017-7725

concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "canonical" URL on installation of concrete5 using the "Advanced Options" settings. Remote attackers can make a GET request with any domain name in the Host header; this is stored...

CVE-2017-7725

The CVE concerns concrete5 8.1.0, where the application places incorrect trust in the HTTP Host header during caching when a canonical URL isn’t configured in Advanced Options. A remote attacker can craft a GET with a poisoned Host header, which is stored and can cause certain links shown to subs...

CVE-2017-7725

concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "canonical" URL on installation of concrete5 using the "Advanced Options" settings. Remote attackers can make a GET request with any domain name in the Host header; this is stored...

DEBIAN-CVE-2016-4068

Cross-site scripting XSS vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2015-8864...

ILIAS Cross-Site Scripting Vulnerability (CNVD-2017-05243)

ILIAS is a Web-based learning management system developed by the ILIAS team. The system contains modules for course management, file sharing, and live chat. A cross-site scripting vulnerability exists in ILIAS versions prior to 5.2.3. A remote attacker can exploit this vulnerability to inject...