128 matches found
GHSA-72GV-QQRP-H9QG Moodle Users Can Bypass Deleted Status
The webservices functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote authenticated users to bypass the deleted status and continue using a server via a token...
CVE-2022-21390
Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications component: Webservices Manager. Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows unauthenticated attacker with network...
Buffer overflow
Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications component: Webservices Manager. Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows unauthenticated attacker with network...
webservices-secure.ericsoft.com Open Redirect vulnerability OBB-2149630
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
Apache jUDDI code issue vulnerability
Apache jUDDI is a java implementation of UDDI open source package that serves WebServices. jUDDI versions prior to Apache jUDDI 3.3.10 have a code issue vulnerability that can be exploited by attackers to remotely run arbitrary code...
Exploit for Deserialization of Untrusted Data in Microsoft
This is a weaponized tool for exploiting the Microsoft Exchange 2010 MRM.AutoTag.Model unsafe deserialize vulnerability, identified as CVE-2020-17144. The tool is written in C and uses the .NET framework 3.5. The tool consists of two files: e.cs and cve-2020-17144.cs. The e.cs file is a simple C...
CVE-2018-7489
FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of th...
Fedora: Security Advisory for eclipse-webtools (FEDORA-2020-cf8ef2f333)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 32 Update: eclipse-webtools-3.18.0-4.fc32
Eclipse Webtools. This contains sub-packages for different sub-projects of Eclipse Webtools project, including Server Tools, SourceEditing Tools, Webservices Tools, Java EE Tools, JSF Tools, and Dali JPA Tools...
WebLogic Server exposure to high-risk remote command execution 0 day vulnerability-a vulnerability warning-the black bar safety net
Recently, Ali cloud security team monitored, by the National information security vulnerabilities sharing platform CNVD)included in the Oracle WebLogic wls9-async deserialization remote command execution vulnerability CNVD-C-2019-48814 be attacker, the unauthorized remote execution command. The...
CVE-2019-2395
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: WLS - Web Services. The supported version that is affected is 10.3.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server...
Ricoh myPrint Hardcoded Credentials / Information Disclosure
Exploit Title: Ricoh myPrint - Hardcoded application credentials and information disclosure via WSDL webservices Google Dork: intitle:"ricoh myprint" "Copyright Ricoh. All Rights Reserved" Date: 19-11-18 Exploit Author: Hodorsec Vendor Homepage: https://www.ricoh.com Software Link:...
Ricoh myPrint Hardcoded Credentials / Information Disclosure Vulnerability
Ricoh myPrint suffers from hardcoded application credential and information disclosure vulnerabilities. The myPrint windows client version 2.9.2.4 and myPrint android client version 2.2.7 are both affected. Exploit Title: Ricoh myPrint - Hardcoded application credentials and information disclosur...
Unspecified Vulnerability in Oracle WebLogic Server (CNVD-2017-31501)
Oracle Fusion Middleware Oracle Fusion Middleware is a set of business innovation platform for enterprise and cloud environments from Oracle. The platform provides middleware, software collection, etc. Oracle WebLogic Server is one of the application server components for cloud and traditional...
Ideagen Easysite SQL Injection Vulnerability
Ideagen Easysite is a web content management system from Ideagen UK. A SQL injection vulnerability exists in the CInfoService.asmx file of WebServices in Ideagen Easysite version 7.0. The vulnerability can be exploited by remote attackers to execute arbitrary SQL commands via a specially crafted...
Sql injection
SQL injection vulnerability in CInfoService.asmx in WebServices in Easysite 7.0 could allow remote attackers to execute arbitrary SQL commands via an XML document containing a crafted ArticleIDs element within a GetArticleHitsArray element...
CVE-2017-9848
SQL injection vulnerability in CInfoService.asmx in WebServices in Easysite 7.0 could allow remote attackers to execute arbitrary SQL commands via an XML document containing a crafted ArticleIDs element within a GetArticleHitsArray element...
CVE-2017-9848
CVE-2017-9848 affects Ideagen Easysite 7.0, specifically the WebServices component C_InfoService.asmx. A SQL injection vulnerability exists in GetArticleHitsArray when processing a crafted XML document containing a targeted ArticleIDs element, enabling remote attackers to execute arbitrary SQL co...
webservices.muchmusic.com XSS vulnerability
Vulnerable URL: http://webservices.muchmusic.com/connect/doContest.php?act=entry=prompt/OPENBUGBOUNTY/...
webservices.mtv.ca XSS vulnerability
Vulnerable URL: http://webservices.mtv.ca/connect.v2/elastica.php?act=validateuser=prompt/OPENBUGBOUNTY/...