
10511 matches found

NVD
added 2021/08/09 10:15 a.m., 10 views

CVE-2021-37214

The employee management page of Flygo contains an Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, remote attackers can manipulate the employee ID in specific parameters to arbitrarily access employee's data, modify it, and then obtain administrator...

CVSS 8.8, EPSS 0.01064
Exploits: 0, References: 1
CNNVD
added 2021/08/02 12:0 a.m., 4 views

Cybozu Garoon Authorization Issue Vulnerability

An operational restriction bypass vulnerability exists in Bulletin in Cybozu Garoon, a portal-based OA office system of Cybozu Japan. An attacker can use this vulnerability to change the data in the bulletin without proper privileges...

CVSS 4.3, AI score 5.2, EPSS 0.00818
Exploits: 0, References: 4
CNNVD
added 2021/08/02 12:0 a.m., 3 views

Cybozu Garoon Security Vulnerability

An operational restriction bypass vulnerability exists in the Portal of Cybozu Garoon, a portal-based OA office system of Cybozu Japan. An attacker can use this vulnerability to change the data of the portal without proper privileges...

CVSS 4.3, AI score 5.4, EPSS 0.00934
Exploits: 0, References: 4
WPVulnDB
added 2021/07/27 12:0 a.m., 19 views

uListing < 2.0.6 - Authenticated IDOR

An Authenticated User IDOR vulnerability was discovered in the plugin. PoC Important: userid and listingid values are dependent on each other, that is, if the author ID == 4, the data can only be modified for those ADs and pages that relate to this particular ID. You can find out the author of...

CVSS 6.5, AI score 0.5, EPSS 0.01064
Exploits: 1, Affected Software: 1
Microsoft CVE
added 2021/07/24 7:0 a.m., 3 views

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H).

...

CVSS 5.9, AI score 6.3, EPSS 0.01879
Exploits: 0
OSV
added 2021/07/21 3:16 p.m., 3 views

CVE-2021-2445

Vulnerability in the Hyperion Infrastructure Technology product of Oracle Hyperion component: Lifecycle Management. The supported version that is affected is 11.2.5.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion...

CVSS 5.7, AI score 5.8, EPSS 0.00831
Exploits: 0, References: 1
Prion
added 2021/07/21 3:16 p.m., 16 views

Design/Logic Flaw

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite component: Application Service. Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

CVSS 5.5, AI score 8, EPSS 0.00987
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2021/07/21 3:15 p.m., 2 views

CVE-2021-2415

Vulnerability in the Oracle Time and Labor product of Oracle E-Business Suite component: Timecard. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Time and...

CVSS 8.1, AI score 7.3, EPSS 0.01491
Exploits: 0, References: 1
OSV
added 2021/07/21 3:15 p.m., 1 view

CVE-2021-2408

Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft component: Notification Configuration. The supported version that is affected is 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...

CVSS 6.1, AI score 7.3, EPSS 0.00853
Exploits: 0, References: 1
OSV
added 2021/07/21 3:15 p.m., 3 views

CVE-2021-2406

Vulnerability in the Oracle Collaborative Planning product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Collaborative...

CVSS 8.1, AI score 7.3, EPSS 0.00987
Exploits: 0, References: 1
OSV
added 2021/07/21 3:15 p.m., 3 views

CVE-2021-2398

Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite component: Region Mapping. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromi...

CVSS 8.1, AI score 7.3
Exploits: 0, References: 1
NVD
added 2021/07/21 3:15 p.m., 13 views

CVE-2021-2395

Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications component: iCare, Configuration. The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

CVSS 8.5, EPSS 0.01405
Exploits: 0, References: 1
OSV
added 2021/07/21 3:15 p.m., 1 view

CVE-2021-2395

Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications component: iCare, Configuration. The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

CVSS 8.1, AI score 7.3
Exploits: 0, References: 1
OSV
added 2021/07/21 3:15 p.m., 1 view

CVE-2021-2393

Vulnerability in the Oracle E-Records product of Oracle E-Business Suite component: E-signatures. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle E-Records...

CVSS 8.1, AI score 7.3, EPSS 0.01095
Exploits: 0, References: 1
OSV
added 2021/07/21 3:15 p.m., 4 views

CVE-2021-2373

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime. Supported versions that are affected are 9.2.5.3 and Prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne...

CVSS 5.4, AI score 6.7
Exploits: 0, References: 1
OSV
added 2021/07/21 3:15 p.m., 1 view

CVE-2021-2366

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering component: Web Access. Supported versions that are affected are 17.12.0-17.12.20, 18.8.0-18.8.23, 19.12.0-19.12.14 and 20.12.0-20.12.3. Easily exploitable vulnerability allows...

CVSS 6.4, AI score 7.3, EPSS 0.00555
Exploits: 0, References: 1
OSV
added 2021/07/21 3:15 p.m., 2 views

CVE-2021-2364

Vulnerability in the Oracle iSupplier Portal product of Oracle E-Business Suite component: Accounts. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iSuppli...

CVSS 8.1, AI score 7.3, EPSS 0.01185
Exploits: 0, References: 1
OSV
added 2021/07/21 3:15 p.m., 2 views

CVE-2021-2365

Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite component: People Management. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Human Resources...

CVSS 8.1, AI score 7.3
Exploits: 0, References: 1
NVD
added 2021/07/21 3:15 p.m., 15 views

CVE-2021-2363

Vulnerability in the Oracle Public Sector Financials International product of Oracle E-Business Suite component: Authorization. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

CVSS 8.1, EPSS 0.00931
Exploits: 0, References: 1
OSV
added 2021/07/21 3:15 p.m., 3 views

CVE-2021-2361

Vulnerability in the Oracle Advanced Inbound Telephony product of Oracle E-Business Suite component: SDK client integration. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

CVSS 8.1, AI score 7.3, EPSS 0.00931
Exploits: 0, References: 1