12 matches found
EUVD-2022-26704
Malicious code in bioql PyPI...
EUVD-2023-36592
Malicious code in bioql PyPI...
TencentOS Server 3: java-1.8.0-openjdk (TSSA-2022:0001)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0001 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
CVE-2021-36383
Xen Orchestra with xo-web through 5.80.0 and xo-server through 5.84.0 mishandles authorization, as demonstrated by modified WebSocket resourceSet.getAll data in which the attacker changes the permission field from none to admin. The attacker gains access to data sets such as VMs, Backups, Audit,...
Linux Distros Unpatched Vulnerability : CVE-2017-10972
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access...
PT-2023-6343 · Oracle · Oracle Banking Trade Finance
Name of the Vulnerable Software and Affected Versions: Oracle Banking Trade Finance versions 14.5 through 14.7 Description: The issue is related to insufficient input validation in the Infrastructure component of Oracle Banking Trade Finance, allowing an unauthenticated attacker with network acce...
PT-2023-6340 · Oracle · Oracle Banking Trade Finance
Name of the Vulnerable Software and Affected Versions: Oracle Banking Trade Finance versions 14.5 through 14.7 Description: The issue is related to insufficient input validation in the Infrastructure component of Oracle Banking Trade Finance, allowing a low-privileged attacker with network access...
CVE-2023-32568
An issue was discovered in Veritas InfoScale Operations Manager VIOM before 7.4.2.800 and 8.x before 8.0.410. The VIOM web application does not validate user-supplied data and appends it to OS commands and internal binaries used by the application. An attacker with root/administrator level...
DGNews 2.1 - NewsID SQL Injection
source: https://www.securityfocus.com/bid/24212/info DGNews is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. Successful exploits could allow an attacker to compromis...
ATutor 1.5.3 - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/18898/info ATutor is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because the application fails to properly sanitize user-supplied...
SoftBizScripts Dating Script 1.0 - news_desc.php SQL Injection
source: https://www.securityfocus.com/bid/18605/info Softbiz Dating Script is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A...
Ocean12 Technologies Calendar Manager Pro 1.0 1 - adminmain.asp?date Cross-Site Scripting
source: https://www.securityfocus.com/bid/17877/info Calendar Manager Pro is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. The...