65 matches found
The vulnerability of the Security component (SQL Logger) of the Oracle Retail Merchandising System allows a perpetrator to gain access to read data or modify data.
The vulnerability of the Security component SQL Logger of the Oracle Retail Merchandising System is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to read, modify, add, or delete data using the HTTP protoc...
Unspecified Vulnerability in Oracle Hyperion Common Events Component (CNVD-2019-38556)
Oracle Hyperion is the United States Oracle Oracle company's set of financial modeling applications. The software provides financial settlement, report production and other functions. Hyperion Common Events is one of the event processing components. A security vulnerability exists in the User...
Unspecified Vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management (CNVD-2018-24259)
Oracle Construction and Engineering Suite is a suite of portfolio management solutions for construction projects from Oracle Corporation.Primavera P6 Enterprise Project Portfolio Management P6 is one of the components for planning, managing and executing projects. Primavera P6 Enterprise Project...
Unspecified Vulnerability in Oracle PeopleSoft Products PeopleSoft Enterprise HCM Human Resources Component (CNVD-2019-38811)
Oracle PeopleSoft Products is a suite of enterprise human capital management solutions from Oracle that provides human capital management, financial management, supplier relationship management, etc. PeopleSoft Enterprise HCM Human Resources is one of the human resource management components...
Ebay Inc - CSRF Exploitation PoC of User Data Delete
Document Title: =============== Ebay Inc - CSRF Exploitation PoC of User Data Delete References: =========== https://www.vulnerability-lab.com/getcontent.php?id=2053 Video: https://www.youtube.com/watch?v=KUenuqImsBs Release Date: ============= 2018-07-06 Vulnerability Laboratory ID VL-ID:...
Ebay Inc - CSRF Exploitation PoC of User Data Delete
Document Title: =============== Ebay Inc - CSRF Exploitation PoC of User Data Delete References: =========== https://www.vulnerability-lab.com/getcontent.php?id=2053 Video: https://www.youtube.com/watch?v=KUenuqImsBs Release Date: ============= 2018-07-05 Vulnerability Laboratory ID VL-ID:...
Buddypress Xprofile Custom Fields Type 2.6.3 - Remote Code Execution
Exploit Title: Plugin Buddypress Xprofile Custom Fields Type 2.6.3 RCE – Unlink Date: 08/04/2018 Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/buddypress-xprofile-custom-fields-type/ Software Link: https://wordpress.org/plugins/buddypress-xprofile-custom-fields-type/...
CVE-2018-9850
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\DataAction.class.php allows remote attackers to delete any file via directory traversal sequences in the id parameter of an Admin-Data-del request...
Gxlcms QY Arbitrary File Deletion Vulnerability
Gxlcms QY is an enterprise website creation system. A security vulnerability exists in the Lib\Lib\Action\Admin\DataAction.class.php file in Gxlcms QY version 1.0.0713. A remote attacker can exploit this vulnerability by deleting arbitrary files with the 'id' parameter in the Admin-Data-del reque...
Unspecified vulnerability in Oracle Financial Services Price Creation and Discovery component (CNVD-2018-01514)
Oracle Financial Services Applications is Oracle's suite of core banking, online banking, and property management financial services software. Oracle Financial Services Price Creation and Discovery is one of the financial services price creation and discovery component. A security vulnerability...
CVE-2017-10054
Vulnerability in the Oracle Hospitality Cruise Materials Management component of Oracle Hospitality Applications subcomponent: MMS. The supported version that is affected is 7.30.564.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle...
Oracle PeopleSoft Enterprise PRTL Interaction Hub Unauthorized Operation Vulnerability (CNVD-2017-28378)
Oracle PeopleSoft Products is a suite of enterprise human capital management solutions from Oracle that provides human capital management, financial management, supplier relationship management, and more.PeopleSoft Enterprise PRTL Interaction Hub is one of the enterprise and Customer Interaction...
Oracle FLEXCUBE Private Banking Remote Vulnerability (CNVD-2017-21029)
Oracle Financial Services Applications is a set of core banking, online banking and property management financial services software from Oracle Corporation, of which Oracle FLEXCUBE Private Banking is a private banking component. A security vulnerability exists in the Miscellaneous subcomponent o...
ALPINE-CVE-2017-3653
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DDL. Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protoco...
CVE-2017-10200
Vulnerability in the Oracle Hospitality e7 component of Oracle Hospitality Applications subcomponent: Other. The supported version that is affected is 4.2.1. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality e7 executes to...
CVE-2017-10131
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite subcomponent: Web Access. Supported versions that are affected are 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily exploitable vulnerability allows low privileged attacker with netwo...
CVE-2017-10003
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite subcomponent: Network Services Library. The supported version that is affected is 10. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise...
The vulnerability of the Remote Administration Daemon component of the Solaris operating system allows a perpetrator to gain access to read or modify data, thereby causing a partial service disruption.
The vulnerability of the Remote Administration Daemon component of the Solaris operating system is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain read, modify, add, or delete access to data, and cause partial service interruption...
The vulnerability of the Oracle MySQL database management system allows a hacker to gain access to read data or modify data.
The vulnerability of the MySQL Server component of the Oracle MySQL database management system is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to gain access to read, modify, add, or delete data via network packets...
Oracle Marketing Unauthorized Operation Vulnerability (CNVD-2017-06406)
Oracle E-Business Suite E-Business Suite is Oracle's fully integrated suite of global business management software, of which Oracle Marketing is a component for managing marketing-related information and processes. A security vulnerability exists in the User Interface subcomponent of the Oracle...