Cisco Webex Teams Information Disclosure and Modification Vulnerability
A vulnerability in Cisco Webex Teams, formerly Cisco Spark, could allow an authenticated, remote attacker to view and modify data for an organization other than their own organization. The vulnerability exists because the affected software performs insufficient checks for associations between use...
Cisco Umbrella API Unauthorized Access Vulnerability
A vulnerability in the Cisco Umbrella API could allow an authenticated, remote attacker to view and modify data across their organization and other organizations. The vulnerability is due to insufficient authentication configurations for the API interface of Cisco Umbrella. An attacker could...
SAP MaxDB (liveCache SQL Injection Vulnerability)
SAP MaxDB liveCache is a database management system from the German company SAP. The system runs on Windows, Linux, Unix and other platforms. A SQL injection vulnerability exists in SAP MaxDB liveCache versions 7.8 and 7.9, which can be exploited by an attacker to execute...
CVE-2018-1699
IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145968...
mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017)
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Client mysqldump. Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple...
mysql: Server: DDL unspecified vulnerability (CPU Jul 2017)
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DDL. Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protoco...
USN-3744-1 postgresql-10, postgresql-9.3, postgresql-9.5 vulnerabilities
Andrew Krasichkov discovered that the PostgreSQL client library incorrectly reset its internal state between connections. A remote attacker could possibly use this issue to bypass certain client-side connection security features. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS...
CloudBees Jenkins Agiletestware Pangolin Connector for TestRail Plugin Data Modification Vulnerability
CloudBees Jenkins is a Java-based continuous integration tool from CloudBees, Inc. in the U.S. It is mainly used to monitor continuous software version release/testing projects and some timed tasks. Agiletestware Pangolin Connector for TestRail Plugin is a plugin for uploadi...
Monstra-Dev 3.0.4 - Cross-Site Request Forgery (Account Hijacking)
Exploit Title: Monstra-Dev 3.0.4 - Cross-Site Request Forgery (Account Hijacking); Date: 2018-08-04; Exploit Author: Nainsi Gupta; Vendor Homepage: http://monstra.org/; Product Name: Monstra-dev; Version: 3.0.4; Tested on: Windows 10...
openSUSE Security Update : java-10-openjdk (openSUSE-2018-810)
This update for OpenJDK 10.0.2 fixes the following security issues: - CVE-2018-2940: the libraries sub-component contained an easily exploitable vulnerability that allowed attackers to compromise Java SE or Java SE Embedded over the network, potentially gaining unauthorized read access to data...
Oracle Financial Services Applications Banking Corporate Lending Component Access Control Error Vulnerability (CNVD-2019-39917)
Oracle Financial Services Applications is a suite of financial services software from the U.S. company Oracle that combines core banking, online banking and property management. Banking Corporate Lending is one of the bank loan management components. An access control error vulnerability...
Oracle Fusion Middleware Business Process Management Suite Component Access Control Error Vulnerability
Oracle Fusion Middleware is Oracle's business innovation platform for enterprise and cloud environments, which provides middleware, software collections, and other functionality. Business Process Management Suite is one of the business process management Business...
Oracle Financial Services Applications Banking Corporate Lending Component Access Control Error Vulnerability (CNVD-2019-39910)
Oracle Financial Services Applications is a suite of financial services software from the U.S. company Oracle that combines core banking, online banking and property management. Banking Corporate Lending is one of the bank loan management components. An access control error vulnerability...
Oracle Financial Services Applications FLEXCUBE Enterprise Limits and Collateral Management Component Access Control Error Vulnerability
Oracle Financial Services Applications is Oracle's suite of financial services software that combines core banking, online banking and property management. FLEXCUBE Enterprise Limits and Collateral Management is a component of FLEXCUBE that is used to manage real-time online exposure of products...
Oracle Financial Services Applications FLEXCUBE Enterprise Limits and Collateral Management component access control error vulnerability (CNVD-2019-39911)
Oracle Financial Services Applications is Oracle's suite of financial services software that combines core banking, online banking, and property management. Oracle FLEXCUBE Enterprise Limits and Collateral Management is one of the components used to...
WityCMS 0.6.2 Cross Site Request Forgery
...
Oracle Hospitality Applications Hospitality Cruise Fleet Management System Component Access Control Error Vulnerability (CNVD-2019-39928)
Oracle Hospitality Applications is a suite of business applications, servers and storage solutions for hospitality management from Oracle Corporation. The solution provides human resource cost management, provides tracking and management of customer services throughout the journey to improve...
Oracle Hospitality Applications Hospitality Simphony Component Access Control Error Vulnerability
Oracle Hospitality Applications is a suite of business applications, servers, and storage solutions for hotel management from Oracle. Hospitality Simphony is one of the cloud-based hotel management components. An access control error vulnerability exists in the Oracle Hospitality Applications...
WityCMS 0.6.2 - Cross-Site Request Forgery (Password Change)
input t...
PYSEC-2018-98
A SQL injection vulnerability in all pycsw versions before 2.0.2, 1.10.5 and 1.8.6 leads to reading and extraction of any data from any table in the pycsw database that the database user has access to. Also, on PostgreSQL at least, it is possible to perform updates/inserts/deletes and database...