Lucene search

1447 matches found

OSV
added 2018/10/17 1:31 a.m., 1 view

CVE-2018-3265

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite subcomponent: Zones. The supported version that is affected is 11.3. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Solaris executes to compromise Solaris...

CVSS 4.9 | AI score 7.3 | EPSS 0.00102
Exploits: 0 | References: 3

OSV
added 2018/10/17 1:31 a.m., 1 view

CVE-2018-3175

Vulnerability in the Hyperion Common Events component of Oracle Hyperion subcomponent: User Interface. The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Common Events. Successful...

CVSS 6.1 | AI score 5.8
Exploits: 0 | References: 3

NVD
added 2018/10/17 1:31 a.m., 6 views

CVE-2018-3131

Vulnerability in the Oracle Hospitality Gift and Loyalty component of Oracle Food and Beverage Applications. The supported version that is affected is 9.0. Easily exploitable vulnerability allows low privileged attacker having Report privilege with logon to the infrastructure where Oracle...

CVSS 6.1 | AI score 5.7 | EPSS 0.00107
Exploits: 0 | References: 2

Vulnrichment
added 2018/10/17 1:0 a.m., 2 views

CVE-2018-3189

Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite subcomponent: Outcome-Result. Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi...

AI score 7.8 | EPSS 0.01648
Exploits: 0 | References: 3

CNVD
added 2018/10/17 12:0 a.m., 1 view

Unspecified Vulnerability in Oracle E-Business Suite (CNVD-2018-24267)

Oracle E-Business Suite E-Business Suite is a set of Oracle's fully integrated global business management software. Applications Manager is one of the components used to monitor the performance and availability of Oracle application servers. A security vulnerability exists in the None subcomponent...

CVSS 8.2 | AI score 8.2 | EPSS 0.01648
Exploits: 0 | References: 1

CNVD
added 2018/10/17 12:0 a.m., 2 views

Unspecified Vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management (CNVD-2018-24259)

Oracle Construction and Engineering Suite is a suite of portfolio management solutions for construction projects from Oracle Corporation. Primavera P6 Enterprise Project Portfolio Management P6 is one of the components for planning, managing and executing projects. Primavera P6 Enterprise Project...

CVSS 6.1 | AI score 6.4 | EPSS 0.00511
Exploits: 0 | References: 1

CNVD
added 2018/09/29 12:0 a.m., 1 view

WordPress Wp-Insert plugin code execution vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Software Foundation; it supports setting up a personal blog site on a server with PHP and MySQL. The wp-Insert plugin is one of its ad management plugins. A file upload vulnerability exists in WordPress...

CVSS 9.8 | AI score 9.2 | EPSS 0.01722
Exploits: 1 | References: 1

Prion
added 2018/09/28 5:29 a.m., 12 views

Design/Logic Flaw

The Wp-Insert plugin through 2.4.2 for WordPress allows upload of arbitrary PHP code because of the exposure and configuration of FCKeditor under fckeditor/editor/filemanager/browser/default/browser.html, fckeditor/editor/filemanager/connectors/test.html, and...

CVSS 7.5 | AI score 9.7 | EPSS 0.01722
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2018/09/28 5:0 a.m., 45 views

CVE-2018-17573

The CVE-2018-17573 entry concerns WordPress with the WP-Insert plugin (v2.4.2 and earlier) where an improper exposure/configuration of FCKeditor files (fckeditor/editor/filemanager/browser/default/browser.html, fckeditor/editor/filemanager/connectors/test.html, and fckeditor/editor/filemanager/co...

CVSS 9.8 | AI score 9.6 | EPSS 0.01722
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2018/09/28 5:0 a.m., 11 views

CVE-2018-17573

The Wp-Insert plugin through 2.4.2 for WordPress allows upload of arbitrary PHP code because of the exposure and configuration of FCKeditor under fckeditor/editor/filemanager/browser/default/browser.html, fckeditor/editor/filemanager/connectors/test.html, and...

AI score 9.8 | EPSS 0.01722
Exploits: 1 | References: 2

CNVD
added 2018/09/28 12:0 a.m., 1 view

Wordpress plugin Wp Insert 'Fckeditor' arbitrary file upload vulnerability

WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. Wordpress plugin Wp Insert 'Fckeditor' has an arbitrary file upload vulnerability that can be exploited by attackers to upload arbitrary files...

AI score 7
Exploits: 0 | References: 1

0day.today
added 2018/09/27 12:0 a.m., 26 views

WordPress WP Insert 2.4.2 Arbitrary File Upload Vulnerability

Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Wp Insert - 'Fckeditor' Arbitrary File Upload Exploit Author: Mostafa Gharzi Website: https://www.certcc.ir Google Dork: /wp-content/plugins/wp-insert Vendor: Namith Jawahar Software Link:...

AI score 0.1
Exploits: 0

CNVD
added 2018/09/20 12:0 a.m., 0 views

LimeSurvey Cross-Site Scripting Vulnerability (CNVD-2019-31188)

LimeSurvey, formerly known as PHPSurveyor, is an open source online survey program developed by the LimeSurvey team, which supports survey program development, questionnaire distribution, and data collection functions. appendix is one of the appendix components. A cross-site scripting vulnerability...

CVSS 6.1 | AI score 6.3 | EPSS 0.00211
Exploits: 2 | References: 1

Amazon
added 2018/09/19 12:0 a.m., 545 views

Important: postgresql93, postgresql94, postgresql95

Issue Overview: A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could...

CVSS 8.5 | AI score 8.3 | EPSS 0.01753
Exploits: 0

OSV
added 2018/09/06 10:29 p.m., 1 view

DEBIAN-CVE-2018-16642

The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 allows remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write...

CVSS 6.5 | AI score 8.4 | EPSS 0.00307
Exploits: 0 | References: 1

0day.today
added 2018/09/06 12:0 a.m., 20 views

osCommerce 2.3.4.1 Cross Site Request Forgery Vulnerability

Exploit for php platform in category web applications Exploit Title: osCommerce Add Admin User CSRF Vulnerability Exploit Author: Hesam Bazvand Contact: email protected Download Link: https://www.oscommerce.com/Products&Download=oscom2341 Tested on: Windows 10 / Kali Linux Category: WebApps...

AI score 0.1
Exploits: 0

RedHat Linux
added 2018/08/27 8:35 a.m., 4 views

postgresql: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges

INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE...

CVSS 6.5 | AI score 7.4 | EPSS 0.32989
Exploits: 0 | References: 5

RedHat Linux
added 2018/08/27 8:35 a.m., 3 views

postgresql: Missing authorization and memory disclosure in INSERT ... ON CONFLICT DO UPDATE statements

It was discovered that PostgreSQL failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes of server memory. If the attacker also had certain "INSERT" and limit...

CVSS 8.1 | AI score 7.4 | EPSS 0.00383
Exploits: 0 | References: 5

RedHat Linux
added 2018/08/27 8:22 a.m., 2 views

postgresql: Missing authorization and memory disclosure in INSERT ... ON CONFLICT DO UPDATE statements

It was discovered that PostgreSQL failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes of server memory. If the attacker also had certain "INSERT" and limit...

CVSS 8.1 | AI score 7.4 | EPSS 0.00383
Exploits: 0 | References: 5

RedHat Linux
added 2018/08/20 10:51 a.m., 0 views

postgresql: Missing authorization and memory disclosure in INSERT ... ON CONFLICT DO UPDATE statements

It was discovered that PostgreSQL failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes of server memory. If the attacker also had certain "INSERT" and limit...

CVSS 8.1 | AI score 7.4 | EPSS 0.00383
Exploits: 0 | References: 5