EUVD-2017-1808

Malware in sbrugna...

Vulnerabilities fixed in Oracle Supply Chain Products Suite

Vulnerabilities have been fixed in Oracle Supply Chain Products Suite. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to sensitive data Access to...

Vulnerabilities fixed in Oracle Supply Chain Products Suite

Oracle has fixed vulnerabilities in the following products within the Supply Chain Products Suite: Transportation Management Agile Engineering Data Management Agile PLM Framework An unauthenticated malicious person could potentially exploit them to cause a denial-of-service. In addition the...

The vulnerability of the central module for managing engineering data and the product’s life cycle in the “LOCMAN Client” system, a system for managing engineering data and the product’s life cycle, arises from the possibility of unlimited loading of dangerous type files, allowing attackers to execute arbitrary codes.

The vulnerability of the central module responsible for managing engineering data and the product’s lifecycle in the LOCsMAN Engineering Data and Product Lifecycle Management system is related to the possibility of unlimited loading of dangerous files. Exploiting this vulnerability could allow...

The vulnerability of the module for creating, editing, and saving diagrams of typical and business processes, determining process properties, creating lists of associated objects “LOCMAN WorkFlow Designer” of the engineering data management system, and the product lifecycle management system LOCMAN:PLM. This vulnerability is related to the unlimited loading of dangerous type files, allowing attackers to execute arbitrary code.

The vulnerability of the module responsible for creating, editing, and saving diagrams of typical and working business processes, as well as defining properties of these processes, and creating lists of associated objects in the “LOZMAN Workflow Designer” system for managing engineering data and...

The vulnerability of the update display module of the engineering data management system and the product lifecycle management system LOCMAN, related to unlimited loading of dangerous type files, allows a perpetrator to execute arbitrary code.

The vulnerability of the update display module of the engineering data management and product lifecycle management system LOCsMAN:PLM is related to the unlimited loading of dangerous files. Exploiting this vulnerability allows an attacker to execute arbitrary code by replacing the dll library e.g...

The vulnerability of the application loading optimization service for servers in enterprises with a large number of users lies in the “Balancing Service” of the Engineering Data Management and Product Lifecycle system LOCMAN:PLM. This service allows unauthorized users to execute arbitrary code due to the unlimited loading of dangerous files.

The vulnerability of the application loading optimization service for servers in enterprises with a large number of users is related to unlimited loading of dangerous files. Exploiting this vulnerability allows an attacker to execute arbitrary code by replacing DLL libraries such as DNSAPI.dll in...

CVE-2017-10161

Vulnerability in the Oracle Engineering Data Management component of Oracle Supply Chain Products Suite subcomponent: Web Services Security. Supported versions that are affected are 6.1.3.0 and 6.2.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTT...

Design/Logic Flaw

Vulnerability in the Oracle Engineering Data Management component of Oracle Supply Chain Products Suite subcomponent: Web Services Security. Supported versions that are affected are 6.1.3.0 and 6.2.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTT...

CVE-2017-10161

Vulnerability in the Oracle Engineering Data Management component of Oracle Supply Chain Products Suite subcomponent: Web Services Security. Supported versions that are affected are 6.1.3.0 and 6.2.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTT...

CVE-2017-10161

CVE-2017-10161 affects Oracle Engineering Data Management in the Oracle Supply Chain Products Suite (Web Services Security). Affected versions are 6.1.3.0 and 6.2.2.0. The vulnerability can be exploited by an unauthenticated attacker over HTTP to perform unauthorized update, insert, or delete ope...

CVE-2016-5518

Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 and 6.2.0.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to webfileservices...

CVE-2016-5518

Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 and 6.2.0.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to webfileservices...

Novell NetIQ Sentinel CVE-2016-1000031 Remote Code Execution Vulnerability

Description Novell NetIQ Sentinel is prone to a security vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Novell NetIQ Sentinel version 7.4x are vulnerable. Technologies Affected Apache Commons FileUpload 1.0...

CVE-2016-3468

Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 and 6.2.0.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Install...

Unspecified Vulnerability in Oracle Supply Chain Products Suite Oracle Agile Engineering Data Management Component

Oracle Supply Chain Products Suite is a suite of supply chain solutions from Oracle that provides value chain planning, value chain execution, product lifecycle management, etc. Oracle Agile Engineering Data Management is one of the Data Management component. A security vulnerability exists in th...

Unspecified Vulnerability in Oracle Supply Chain Products Suite

Oracle Agile Engineering Data Management is a set of asset organization and management solutions from Oracle Corporation, of which Oracle Supply Chain Products Suite is a supply chain solution. An unspecified vulnerability exists in the Web Services Security subcomponent of Oracle Supply Chain...

CVE-2016-3428

Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 and 6.2.0.0 allows remote attackers to affect availability via vectors related to Engineering Communication Interface...

CVE-2016-3428

CVE-2016-3428 is associated with Oracle Agile Engineering Data Management in Oracle Supply Chain Products Suite 6.1.3.0 and 6.2.0.0, where an unspecified vulnerability could allow remote attackers to affect availability through the Engineering Communication Interface. The connected records confir...

CVE-2016-3428

Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 and 6.2.0.0 allows remote attackers to affect availability via vectors related to Engineering Communication Interface...