CVE-2023-22506

This High severity Injection and RCE Remote Code Execution vulnerability known as CVE-2023-22506 was introduced in version 8.0.0 of Bamboo Data Center. This Injection and RCE Remote Code Execution vulnerability, with a CVSS Score of 7.5, allows an authenticated attacker to modify the actions...

CVE-2023-22045

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6,...

CVE-2022-23627 Inadequate access verification when using proxy commands in ArchiSteamFarm

ArchiSteamFarm ASF is a C application with primary purpose of idling Steam cards from multiple accounts simultaneously. Due to a bug in ASF code, introduced in version V5.2.2.2, the program didn't adequately verify effective access of the user sending proxy i.e. Bots commands. In particular, a...

CVE-2022-21266

Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications component: Pipeline Manager. Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows unauthenticated attacker with network access...

CVE-2021-2108

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core Components. The supported version that is affected is 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server...

CVE-2020-2838

Vulnerability in the Oracle CRM Gateway for Mobile Devices product of Oracle E-Business Suite component: Setup of Mobile Applications. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromis...

CVE-2020-2635

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager component: System Monitoring. Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to...

Craft CMS Rate Limiting / Brute Force

Exploit Title : Craft CMS up to 3.1.7 Password Prompt Form Lockout weak authentication Author Discovered By : Mohammed Abdul Raheem Author's Company Name : TrekShield IT Solution Private Limited Author Exploit-db : https://www.exploit-db.com/?author=9783 Found Vulnerability On : 16-01-2019 Vendor...

Design/Logic Flaw

Vulnerability in the RDBMS DataPump component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Difficult to exploit vulnerability allows high privileged attacker having DBA role privilege with network access via Oracle Net to compromise RDB...

Design/Logic Flaw

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with...

CVE-2013-1481

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound...