12 matches found
CVE-2026-46908
Vulnerability in the JD Edwards EnterpriseOne Accounts Payable product of Oracle JD Edwards component: Accounts Payable. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseO...
CVE-2026-46891
Vulnerability in the JD Edwards EnterpriseOne Accounts Payable product of Oracle JD Edwards component: Accounts Payable. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseO...
Vulnerabilities in Oracle JD Edwards EnterpriseOne
Oracle has identified several vulnerabilities in Oracle JD Edwards EnterpriseOne, including the modules Tools, Accounts Payable, Human Resources Management, General Ledger, Order Promising, and Project Costing, specifically for versions 9.2.0.0 to 9.2.26.2. These vulnerabilities enable attackers ...
PT-2026-50015
Name of the Vulnerable Software and Affected Versions Oracle JD Edwards EnterpriseOne Accounts Payable version 9.2 Description A flaw in the Accounts Payable component allows a low-privileged attacker with network access via HTTP to compromise the system. Successful exploitation can lead to a ful...
PT-2026-49998
Name of the Vulnerable Software and Affected Versions Oracle JD Edwards EnterpriseOne Accounts Payable version 9.2 Description A flaw in the Accounts Payable component allows a low-privileged attacker with network access via HTTP to compromise the system. Successful exploitation can lead to...
Purchase order attachment isn’t a PDF. It’s phishing for your password
An attachment named New PO 500PCS.pdf.hTM, posing as a purchase order in PDF form, turned out to be something entirely different: a credential-harvesting web page that quietly sent passwords and IP/location data straight to a Telegram bot controlled by an attacker. Imagine you’re in accounts...
CVE-2009-3581
Multiple cross-site scripting XSS vulnerabilities in SQL-Ledger 2.8.24 allow remote authenticated users to inject arbitrary web script or HTML via 1 the DCN Description field in the Accounts Receivables menu item for Add Transaction, 2 the Description field in the Accounts Payable menu item for A...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in SQL-Ledger 2.8.24 allow remote authenticated users to inject arbitrary web script or HTML via 1 the DCN Description field in the Accounts Receivables menu item for Add Transaction, 2 the Description field in the Accounts Payable menu item for A...
UBUNTU-CVE-2009-3581
Multiple cross-site scripting XSS vulnerabilities in SQL-Ledger 2.8.24 allow remote authenticated users to inject arbitrary web script or HTML via 1 the DCN Description field in the Accounts Receivables menu item for Add Transaction, 2 the Description field in the Accounts Payable menu item for A...
CVE-2009-3581
Multiple cross-site scripting XSS vulnerabilities in SQL-Ledger 2.8.24 allow remote authenticated users to inject arbitrary web script or HTML via 1 the DCN Description field in the Accounts Receivables menu item for Add Transaction, 2 the Description field in the Accounts Payable menu item for A...
CVE-2009-3581
Multiple cross-site scripting XSS vulnerabilities in SQL-Ledger 2.8.24 allow remote authenticated users to inject arbitrary web script or HTML via 1 the DCN Description field in the Accounts Receivables menu item for Add Transaction, 2 the Description field in the Accounts Payable menu item for A...
DEBIAN-CVE-2008-4078
SQL injection vulnerability in the AR/AP transaction report in 1 LedgerSMB LSMB before 1.2.15 and 2 SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...