1072 matches found
CVE-2018-16618
VTech Storio Max devices running versions before 56.D3JM6 are affected by CVE-2018-16618. An exposed storeintenttranslate.x service on localhost:1668 accepts requests that combine random characters with an Android activity name; the activity name is inserted into a shell command. By injecting shell metach...
CVE-2018-16618
VTech Storio Max before 56.D3JM6 allows remote command execution via shell metacharacters in an Android activity name. It exposes the storeintenttranslate.x service on port 1668 listening for requests on localhost. Requests submitted to this service are checked for a string of random characters...
WebLogic Server again exposed to high-risk 0-day vulnerability - vulnerability warning - the black bar safety net
6 May 11, the Ali cloud security team found a 0-day vulnerability that bypasses the WebLogic CVE-2019-2725 patch and immediately reported it to Oracle; 6 January 12, Oracle officially confirmed it. Since Oracle has not yet released an official patch, vulnerability details and real PoC are not...
Fedora Update for wget FEDORA-2019-7a0497cbc2
The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
PT-2019-12099 · Rockwell Automation · Compactlogix 5370 +2
Name of the Vulnerable Software and Affected Versions: CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers versions 20 through 30 and earlier. Description: An attacker could send a crafted HTTP/HTTPS request to render th...
The vulnerability of the Attachments sub-component of the Oracle iSupplier Portal component in the Oracle E-Business Suite system, which allows a malicious individual to access data for modification, addition, or deletion.
The vulnerability of the Attachments sub-component of the Oracle iSupplier Portal component in the Oracle E-Business Suite enterprise automation system is related to lack of access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to modify,...
The vulnerability of the Advanced UI sub-component of the integrated customer service platform for Internet applications, Oracle WebCenter Sites, allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the Advanced UI sub-component of the integrated customer service platform for Internet applications, Oracle WebCenter Sites, is related to lack of access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to...
The vulnerability of the Fabric Layer sub-component of the software package for building and deploying service-oriented architecture, Oracle SOA Suite, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Fabric Layer sub-component of the software package for building and deploying service-oriented architecture of Oracle SOA Suite is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized...
The vulnerability of the Fluid sub-component of the PeopleSoft Enterprise PeopleTools business application suite from Oracle PeopleSoft allows a hacker to gain access to modify, add, or delete data.
The vulnerability of the Fluid sub-component of the PeopleSoft Enterprise PeopleTools business application suite, developed by Oracle PeopleSoft Products, is related to access control deficiencies. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to modify...
The vulnerability of the Service Enablement component in the JD Edwards World Technical Foundation software package allows a malicious individual to gain unauthorized access to protected data.
The vulnerability of the Service Enablement component in the JD Edwards World Technical Foundation package is related to access control deficiencies. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected data using the HTTP protocol...
The vulnerability of the Preference sub-component of the Oracle CRM Technical Foundation component of the Oracle E-Business Suite allows a perpetrator to gain unauthorized access to protected data.
The vulnerability of the Preference sub-component of the Oracle CRM component in the Oracle E-Business Suite system is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected data using the HTTP...
WebLogic Server exposed to high-risk remote command execution 0-day vulnerability - vulnerability warning - the black bar safety net
Recently, the Ali cloud security team observed that the Oracle WebLogic wls9-async deserialization remote command execution vulnerability CNVD-C-2019-48814, listed by the National Information Security Vulnerability Sharing Platform (CNVD), can be used by an attacker to execute commands remotely without authorization. The...
The vulnerability of the Print Server sub-component of the Oracle One-to-One Fulfillment component of the Oracle E-Business Suite allows a malicious actor to gain access to modify, add, or delete data.
The vulnerability of the Print Server sub-component of the Oracle One-to-One Fulfillment component in the Oracle E-Business Suite is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to modify, add, or delete data...
The vulnerability of the SQR sub-component of the PeopleSoft Enterprise PeopleTools component of the Oracle PeopleSoft Products suite for business applications allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the SQR sub-component of the PeopleSoft Enterprise PeopleTools business application suite from Oracle PeopleSoft Products is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to modify, add, or...
The vulnerability of the Web Catalog sub-component of the Oracle Business Intelligence Enterprise Edition software allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Web Catalog sub-component of the Oracle Business Intelligence Enterprise Edition software is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information using th...
The vulnerability of the Outside In Filters sub-component of Oracle’s software development kit (SDK) allows a malicious actor to gain unauthorized access to protected information or cause partial service disruption.
The vulnerability of the Outside In Filters sub-component of the Oracle Outside In Technology SDK is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information or cause a partial servic...
The vulnerability of the Outside In Filters sub-component of the Oracle Outside In Technology software development kit (SDK) allows a malicious actor to gain unauthorized access to protected information or cause partial service disruption.
The vulnerability of the Outside In Filters sub-component of the Oracle Outside In Technology SDK is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information or cause a partial servic...
Design/Logic Flaw
Deltek Vision 7.x before 7.6 permits the execution of any attacker supplied SQL statement through a custom RPC over HTTP protocol. The Vision system relies on the client binary to enforce security rules and integrity of SQL statements and other content being sent to the server. Client HTTP calls...
CVE-2018-18251
Deltek Vision 7.x before 7.6 permits the execution of any attacker supplied SQL statement through a custom RPC over HTTP protocol. The Vision system relies on the client binary to enforce security rules and integrity of SQL statements and other content being sent to the server. Client HTTP calls...
The vulnerability of the Preferences sub-component of the Oracle CRM Technical Foundation component of the Oracle E-Business Suite allows a perpetrator to access data for modification, addition, or deletion.
The vulnerability of the Preferences sub-component of the Oracle CRM Technical Foundation component of the Oracle E-Business Suite is related to lack of access control. Exploiting this vulnerability could allow an attacker, operating remotely, to modify, add, or delete data using the HTTP protoco...