82 matches found
CVE-2018-3068
Vulnerability in the PeopleSoft Enterprise HCM Human Resources component of Oracle PeopleSoft Products subcomponent: Compensation. The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...
CVE-2018-2953
Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite subcomponent: Print Server. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with...
CVE-2018-2960
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite subcomponent: Web Access. Supported versions that are affected are 8.4, 15.x, 16.x and 17.x. Easily exploitable vulnerability allows unauthenticated attacker with netwo...
CVE-2018-2949
Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products subcomponent: Web Runtime. The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOn...
Code injection
The Zizai Tech Nut device allows unauthenticated Bluetooth pairing, which enables unauthenticated connected applications to write data to the device name attribute...
ICSA-18-081-01 Siemens SIMATIC WinCC OA UI Mobile App
CVSS v3 5.1. ATTENTION: Exploitable from an adjacent network. Vendor: Siemens. Equipment: SIMATIC WinCC OA UI mobile app. Vulnerability: Improper Access Control. AFFECTED PRODUCTS: Siemens reports that this vulnerability affects the following products: SIMATIC WinCC OA UI for Android: All versions pri...
Apache Geode Code Execution Vulnerability
Apache Geode cluster is the Apache Software Foundation's platform for providing real-time and consistent access to data for data-intensive applications in distributed cloud architectures. A security vulnerability exists in Apache Geode cluster. A remote attacker can exploit this vulnerability to...
CVE-2017-10380
Vulnerability in the Java Advanced Management Console component of Oracle Java SE subcomponent: Server. The supported version that is affected is Java Advanced Management Console: 2.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Ja...
CVE-2017-3573
Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications subcomponent: OPERA Printing. Supported versions that are affected are 5.4.0.x, 5.4.1.x, 5.4.2.x, 5.4.3.x, 5.5.0.x and 5.5.1.x. Easily "exploitable" vulnerability allows unauthenticated...
CVE-2014-9642
bdagent.sys in BullGuard Antivirus, Internet Security, Premium Protection, and Online Backup before 15.0.288 allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted 0x0022405c IOCTL call...
Apple QuickTime stsz Atom Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing o...
CVE-2009-4490
CVE-2009-4490 affects mini_httpd 1.19. The flaw: logging non-printable characters without sanitization may let a remote attacker craft an HTTP request with an escape sequence to modify a window title and potentially execute arbitrary code or overwrite files. The Gentoo advisory GLSA 201206-27 des...
CVE-2009-4496
CVE-2009-4496 affects the Boa web server (Boa 0.94.14 rc21 in the Fedora/NASL/OpenVAS references), where HTTP logs are written without sanitizing non-printable characters. The linked document notes that this could allow remote attackers to exploit escape sequences in a request to manip...
Design/Logic Flaw
xterm, including 192-7.el4 in Red Hat Enterprise Linux and 208-3.1 in Debian GNU/Linux, sets the wrong group ownership of tty devices, which allows local users to write data to other users' terminals...
argo-exec.txt
GoodFellas Security Research Team. Technical Details: Telnet service will be started in 2 reboot. Any other kind of exploit could be easily set up because the atta...
mlsrvx.dll 1.8.9.1 ArGoSoft Mail Server Data Write/Remote Code Execution
No description provided by source. GOODFELLAS Security Research TEAM (http://goodfellas.shellcode.com.ar): mlsrvx.dll 1.8.9.1 ArGoSoft Mail Server Arbitrary Data Write & Remote Code Execution...
VMware 'IntraProcessLogging.dll' 5.5.3.42958 - Arbitrary Data Write
GoodFellas Security Research Team. Technical Details: SetLogFileName method receives one argument filename in this format "c:\path\file". Proof of Concept: object id=ctrl classid="clsid:AF13B07E-...
mlsrvx.dll 1.8.9.1 ArGoSoft Mail Server - Data Write/Code Execution
mlsrvx.dll 1.8.9.1 ArGoSoft Mail Server - Data Write/Code Execution. GoodFellas Security Research Team. Technical Details: Telnet service will be started in 2 reboot. Any other kind of exploit could be easily set up because the attacker can write files and put specific data...
mlsrvx.dll 1.8.9.1 ArGoSoft Mail Server Data Write/Code Execution
No description provided by source. GOODFELLAS Security Research TEAM (http://goodfellas.shellcode.com.ar): mlsrvx.dll 1.8.9.1 ArGoSoft Mail Server Arbitrary Data Write & Remote Code Execution...
mlsrvx.dll 1.8.9.1 ArGoSoft Mail Server - Data Write/Code Execution
GoodFellas Security Research Team. Technical Details: Telnet service will be started in 2 reboot. Any other kind of exploit could be easily set up because the attacker can write files and put specific data into these...