Oracle E-Business Suite Security Vulnerability
Oracle E-Business Suite (E-Business Suite) is a set of fully integrated global business management software from Oracle. The software provides customer relationship management, service management, financial management, and other functions. A security vulnerability exists in Oracle Payables...
Oracle E-Business Suite Security Vulnerability
Oracle E-Business Suite is an expansion of the original Application (ERP): a collection of management software including ERP (Enterprise Resource Planning), HR (Human Resource Management), CRM (Customer Relationship Management) and so on. It is a seamless integration of a management...
PT-2021-2919
Name of the Vulnerable Software and Affected Versions: Java SE versions 7u291, 8u281, 11.0.10, 16; Java SE Embedded version 8u281; Oracle GraalVM Enterprise Edition versions 19.3.5, 20.3.1.2, 21.0.0.2 Description: The issue allows an unauthenticated attacker with network access via multiple protocols...
PT-2021-2797 · Oracle +2 · Virtualbox +2
Name of the Vulnerable Software and Affected Versions: Oracle VM VirtualBox versions prior to 6.1.20 Description: The issue is related to insufficient input validation in the Core component of Oracle VM VirtualBox. This can allow an attacker to gain unauthorized access to modify, add, or delete...
Vulnerability fixed in NetApp products
Several NetApp products include Lodash. Lodash versions up to and including 4.17.15 are susceptible to a vulnerability that, when successfully exploited, can lead to the disclosure of sensitive information, the addition or modification of data, or Denial of Service (DoS). NetApp has released update...
CVE-2021-27601
SAP NetWeaver AS Java (Applications based on HTMLB for Java) allows a basic-level authorized attacker to store a malicious file on the server. When a victim tries to open this file, it results in a Cross-Site Scripting (XSS) vulnerability and the attacker can read and modify data. However, the attack...
Cross site scripting
SAP NetWeaver AS Java (Applications based on HTMLB for Java) allows a basic-level authorized attacker to store a malicious file on the server. When a victim tries to open this file, it results in a Cross-Site Scripting (XSS) vulnerability and the attacker can read and modify data. However, the attack...
Kenny2github ScratchOAuth2 Security Vulnerability
ScratchOAuth2 is an open source application from Kenny2github that verifies that a Scratch account is authentic for authorization or identification purposes. ScratchOAuth2 has a security vulnerability, which stems from the fact that any user can access and modify the data related to...
CVE-2021-24219
The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4.15.3, Thrive Headline Optimizer WordPress plugin before 1.3.7.3, Thrive Leads WordPress plugin before 2.3.9.4, Thrive Ultimatum WordPress plugin before 2.3.9.4, Thrive Quiz Builder WordPress plugin...
zzcms elevation of privilege vulnerability
ZZCMS is the content management system of Webmaster Merchants. An elevation of privilege vulnerability exists in /user/adv.php in zzcms version 201910. An attacker can exploit this vulnerability to modify data, which can be used to launch further attacks...
CVE-2021-1399 Cisco Unified Communications Manager Self Care Portal Authorization Bypass Vulnerability
A vulnerability in the Self Care Portal of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to modify data on an affected system without proper authorization. The...
Nagios SQL Injection Vulnerability
Nagios Network Analyzer is a network data flow analyzer that provides a view of all network traffic and bandwidth utilization. A SQL injection vulnerability exists in Nagios Network Analyzer versions prior to 2.4.3. The vulnerability can be exploited to read sensitive data from the database and...
ZZCMS Access Control Error Vulnerability
ZZCMS is the content management system of Webmaster Merchants. An elevation of privilege vulnerability exists in /user/adv.php in zzcms version 201910. An attacker can exploit this vulnerability to modify data, which can be used to launch further attacks...
The vulnerability of Oracle Cloud Infrastructure Data Science, which stems from insufficient validation of input data, allows attackers to gain read access to data or modify it.
The vulnerability of Oracle Cloud Infrastructure Data Science exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to read, modify, add, or delete data...
CVE-2021-26714
The Enterprise License Manager portal in Mitel MiContact Center Enterprise before 9.4 could allow a user to access restricted files and folders due to insufficient access control. A successful exploit could allow an attacker to view and modify application data via Directory Traversal...
CVE-2020-10582
A SQL injection on the /admin/displayerrors.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to execute arbitrary SQL requests including data reading and modification on the database...
On: GraphQL introspection is enabled and leaks details about the schema
Summary: Hi team! I've found a misconfiguration in your GraphQL API on the endpoint https://www.on-running.com/en-in/graphql in which an attacker is able to run a GraphQL introspection query to fetch schemas, types, fields, available query operations, after running introspection query on t...
CVE-2021-20624
Improper access control vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Scheduler via unspecified vectors...