The vulnerability of the Infrastructure sub-component of the Oracle FLEXCUBE Universal Banking banking analytics system’s simulation model allows a perpetrator to gain access to read data and modify it.
The vulnerability of the Infrastructure sub-component of the Oracle FLEXCUBE Universal Banking banking analytics system’s simulation model exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify...
The vulnerability of the Infrastructure component of the Oracle Banking Trade Finance software allows a perpetrator to gain read access to data and modify it.
The vulnerability of the Infrastructure component of the Oracle Banking Trade Finance software exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify, add, or delete data using the HTTP protoco...
The vulnerability of the Infrastructure sub-component of the Oracle FLEXCUBE Universal Banking banking analytics system’s simulation model allows a perpetrator to gain access to read, modify, add, or delete data.
The vulnerability of the Infrastructure sub-component of the Oracle FLEXCUBE Universal Banking banking analytics system’s simulation model exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify...
CVE-2022-38116
Le-yan Personnel and Salary Management System has hard-coded database account and password within the website source code. An unauthenticated remote attacker can access, modify system data or disrupt service...
The vulnerability of the BD Synapsys software lies in its incorrect session duration, which allows a perpetrator to gain access, modify, or delete confidential information.
The vulnerability of the BD Synapsys software lies in the incorrect duration of a session. Exploiting this vulnerability can allow an attacker to gain access, modify, or delete confidential information...
CVE-2022-2995
Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute...
mm-wiki cross-site request forgery vulnerability
mm-wiki is a lightweight enterprise knowledge sharing and team collaboration software by the Chinese individual developer phachon. It can be used to quickly build an enterprise wiki and team knowledge sharing platform. A security vulnerability exists in mm-wiki version v0.2.1, which originated from a...
CVE-2022-2990
Incorrect handling of the supplementary groups in the Buildah container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able t...
CVE-2022-2989
Incorrect handling of the supplementary groups in the Podman container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to...
CRI-O security vulnerability
CRI-O is a lightweight container runtime environment for the Kubernetes system. CRI-O suffers from a security vulnerability that stems from the fact that if an attacker has direct access to an affected container where a supplemental group is used to set access permissions and is able to execute...
The vulnerability of the Illumina Local Run Manager software lies in the absence of an authentication process, which allows attackers to infiltrate, replicate, modify, and/or intercept confidential data.
The vulnerability of the Illumina Local Run Manager software lies in the absence of an authentication process. Exploiting this vulnerability allows a malicious actor to remotely infiltrate, replicate, modify, and/or intercept sensitive data...
Authentication flaw
The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication, which can disclose information about the WAN settings and allow an attacker to modify the data fields of the page...
CVE-2021-42627
D-Link DIR-615 devices running firmware 20.06 are affected by CVE-2021-42627. The WAN configuration page wan.htm can be accessed without authentication, enabling disclosure of WAN settings and potential modification of page data. The Nuclei template confirms unauthorized access and describes impa...
CVE-2022-34621
Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object Reference (IDOR) vulnerability which allows attackers to modify user passwords and other attributes via modification of the userid parameter...
The vulnerability of the Hotspot component in Java SE software platforms, specifically the Oracle GraalVM Enterprise Edition virtual machine, allows attackers to create, delete, or alter access to data.
The vulnerability of the Hotspot component in Java SE software platforms, as well as in the Oracle GraalVM Enterprise Edition virtual machine, is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to create, delete, or modify access to data...
The vulnerability of the Core server component of Oracle WebLogic Server allows a hacker to gain access to modify, add, or delete data, or cause partial service disruption.
The vulnerability of the Core server component of Oracle WebLogic Server exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to remotely gain access to modify, add, or delete data, or cause a partial service outage using the IIOP and T3...
The vulnerability of the Libraries component of Java SE software platforms allows attackers to gain access to modify, add, or delete data.
The vulnerability of the Libraries component in Java SE software platforms is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to modify, add, or delete data using network packets...
Black Hat and DEF CON Roundup
There was nothing typical this year at BSides LV, Black Hat USA and DEF CON – also known collectively as Hacker Summer Camp. The weeklong collection of cybersecurity conferences featured an eclectic mix of attendees to learn, network, hack and have fun. The week even included a rare Las Vegas fla...
CVE-2022-28633
A local disclosure of sensitive information and a local unauthorized data modification vulnerability were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware versions prior to 2.71. An unprivileged user could locally exploit this vulnerability to read and write to the iLO 5 firmware file...