CVE-2017-10372

Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications subcomponent: Base. Supported versions that are affected are 4.2.0 and 4.2.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle...

CVE-2017-10227

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromis...

CVE-2017-10314

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Memcached. Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromis...

CVE-2017-10155

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Pluggable Auth. Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to...

CVE-2016-4922

Certain combinations of Junos OS CLI commands and arguments have been found to be exploitable in a way that can allow unauthorized access to the operating system. This may allow any user with permissions to run these CLI commands the ability to achieve elevated privileges and gain complete contro...

CVE-2016-4922

Certain combinations of Junos OS CLI commands and arguments have been found to be exploitable in a way that can allow unauthorized access to the operating system. This may allow any user with permissions to run these CLI commands the ability to achieve elevated privileges and gain complete contro...

completenutrition.com XSS vulnerability

Vulnerable URL: https://www.completenutrition.com/us/en/search/?q=%3C/script%3E%22%3E%3Cscript%3Eprompt%22OPENBUGBOUNTY%22%3C/script%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 07.01.2018 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Ran...

UCOPIA Wireless Appliance < 5.1.8 - Local Privilege Escalation

CVE-2017-11322 UCOPIA Wireless Appliance 5.1.8 Privileges Escalation Asset description UCOPIA solutions bring together a combination of software, appliance and cloud services serving small to large customers. More than 12,000 UCOPIA solutions are deployed and maintained by UCOPIA expert partners...

Design/Logic Flaw

Lack of Transport Encryption in the public API in Philips Hue Bridge BSB002 SW 1707040932 allows remote attackers to read API keys and consequently bypass the pushlink protection mechanism, and obtain complete control of the connected accessories by leveraging the ability to sniff HTTP traffic on...

completesportnews.com XSS vulnerability

Vulnerable URL: http://completesportnews.com/search/" Details: Description| Value ---|--- Patched:| No Latest check for patch:| 20.12.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 14856 VIP website status:| Yes Coordinated Disclosure Timeline: Description|...

CCleaner 'CCleaner.exe' Backdoor Trojan Vulnerability - Windows

CCleaner is prone to backdoor trojan installation vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Microsoft Live Meeting 2007 Add-in Multiple Vulnerabilities (KB4025869)

This host is missing an important security update according to Microsoft KB4025869 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

CVE-2017-3649

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Replication. Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to...

CVE-2017-3646

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: X Plugin. Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attac...

CVE-2017-10000

Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications subcomponent: Reporting. Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromis...

CVE-2017-3646

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: X Plugin. Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attac...

CVE-2017-3640

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DML. Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVE-2017-10042

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite subcomponent: IKE. Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via IKE to compromise Solaris. Successful attacks of this...

Important: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Cross site request forgery (csrf)

DISPUTED An issue was discovered in SMA Solar Technology products. If a user simultaneously has Sunny Explorer running and visits a malicious host, cross-site request forgery can be used to change settings in the inverters for example, issuing a POST request to change the user password. All Sunny...