The vulnerability of the Promotions component of the Oracle Retail Customer Management and Segmentation Foundation software allows a hacker to gain unauthorized access to protected information.

The vulnerability of the Promotions component of the Oracle Retail Customer Management and Segmentation Foundation software is related to lack of access control. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information using the HTTP protocol...

PHP interpreter suffers from an out-of-bounds read vulnerability (CNVD-2020-69476)

PHP PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language jointly maintained by the PHPGroup and the open source community. An out-of-bounds read vulnerability exists in the PHP interpreter, which can be exploited by an attacker to...

PHP interpreter has an out-of-bounds read vulnerability

PHP PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language jointly maintained by the PHPGroup and the open source community. An out-of-bounds read vulnerability exists in the PHP interpreter, which can be exploited by an attacker to...

PHP interpreter suffers from an out-of-bounds read vulnerability (CNVD-2020-69474)

PHP PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language jointly maintained by the PHPGroup and the open source community. An out-of-bounds read vulnerability exists in the PHP interpreter, which can be exploited by an attacker to...

CVE-2020-28210

A CWE-79 Improper Neutralization of Input During Web Page Generation Cross-site Scripting vulnerability exists in EcoStruxure Building Operation WebStation V2.0 - V3.1 that could cause an attacker to inject HTML and JavaScript code into the user's browser...

CVE-2020-26554

REDDOXX MailDepot 2033 aka 2.3.3022 allows XSS via an incoming HTML e-mail message...

Tobesoft Xplatform Input Validation Error Vulnerability

Tobesoft Xplatform is a set of Korean Tobesoft application development platform. The platform supports form and composite component inheritance, CSS autosetting, and multi-document interfaces. TOBESOFT XPLATFORM suffers from an input validation error vulnerability that originates when a command...

Processmaker SQL注入漏洞

ProcessMaker is a software suite for workflow management that can be used to automate workflows, create documents, assign roles and users to processes, and more. download page /sysworkflow/en/neoclassic/reportTables/ in ProcessMaker 3.4.11 A SQL injection vulnerability exists in the sort paramete...

Puncsky Touchbase.ai Cross-Site Scripting Vulnerability

Puncsky Touchbase.ai is a web platform for interpersonal relationships by Puncsky Individual Developers. A cross-site scripting vulnerability exists in versions prior to touchbase.ai 2.0, which can be exploited by an attacker to inject an HTML payload, resulting in damage, user redirection to a...

CVE-2020-4763

IBM Sterling File Gateway 6.0.0.0 through 6.0.3.2 and 2.2.0.0 through 2.2.6.5 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The...

The vulnerability of the Web Services component of the Oracle WebLogic Server application server allows a perpetrator to gain unauthorized access to protected information or to modify, add, or delete data.

The vulnerability of the Web Services component of the Oracle WebLogic Server application server is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information or to modify, add, or...

The vulnerability of the Analytics Actions component of the Oracle Business Intelligence Enterprise Edition software platform allows a perpetrator to gain unauthorized access to protected information or cause partial service failure.

The vulnerability of the Analytics Actions component of the Oracle Business Intelligence Enterprise Edition software is related to insufficient validation of input data. Exploiting this vulnerability may allow an attacker to gain unauthorized access to protected information or cause a partial...

The vulnerability of the Analytics Web Administration component of the Oracle Business Intelligence Enterprise Edition software allows a perpetrator to gain access to modify, add, or delete data.

The vulnerability of the Analytics Web Administration component of the Oracle Business Intelligence Enterprise Edition relates to insufficient validation of input data. Exploiting this vulnerability may allow an attacker, operating remotely, to modify, add, or delete data using the HTTP protocol...

The vulnerability of Google Chrome’s browser, related to writing beyond the memory buffer, allows attackers to bypass the sandboxing protection mechanism.

The vulnerability of Google Chrome relates to the writing beyond the memory buffer. Exploiting this vulnerability allows a malicious actor to bypass the sandboxing mechanism by using a specially crafted HTML page...

The vulnerability of the Core component of the Oracle Banking Corporate Lending software allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Core component of the Oracle Banking Corporate Lending software lies in insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information via the HTTP network protocol...

Command execution vulnerability exists in MyuCMS (CNVD-2020-67557)

MyuCMS front-end is built with UIkit framework, back-end is built with layui back-end framework and back-end is developed with PHP+MYSQL. MyuCMS has a command execution vulnerability that can be exploited by attackers to gain server control privileges...

The vulnerability of the Logging component of the Oracle Hospitality OPERA 5 Property Services software solution allows a hacker to gain full control over the application.

The vulnerability of the Logging component in the Oracle Hospitality OPERA 5 Property Services software solution relates to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to gain full control over the application through the HTTP network protocol...

The vulnerability of the User Interface component of the Oracle Trade Management application, a part of the Oracle E-Business Suite, allows an attacker to gain unauthorized access to protected information or to modify, add, or delete data.

The vulnerability of the User Interface component of the Oracle Trade Management application, part of the Oracle E-Business Suite, is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information or to...

The vulnerability of the User Interface component of the Oracle Trade Management application, a part of the Oracle E-Business Suite, allows an attacker to gain unauthorized access to protected information or to modify, add, or delete data.

The vulnerability of the User Interface component of the Oracle Trade Management application, part of the Oracle E-Business Suite, is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information or to...

The vulnerability of the Logging component in the Oracle Hospitality OPERA 5 Property Services software solution allows a malicious individual to gain unauthorized access to protected information or to modify, add, or delete data.

The vulnerability of the Logging component in the Oracle Hospitality OPERA 5 Property Services software solution relates to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information or to modify, add, or delet...