1447 matches found
Oracle Communications Policy Management Unauthorized Operation Vulnerability
Oracle Communications Applications is a suite of Oracle applications for rapidly delivering and monetizing digital life communications.Oracle Communications Policy Management is one of the communications policy management components. A security vulnerability exists in the Portal, CMP subcomponent...
PostgreSQL vulnerabilities
The PostgreSQL project reports: CVE-2017-15098: Memory disclosure in JSON functions CVE-2017-15099: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges...
Insert Pages < 3.2.4 - Directory Traversal
The Insert Pages WordPress plugin was affected by a Directory Traversal security vulnerability...
Cross-site Scripting (XSS) Through SVG Documents
silverstripe/installer and silverstripe/framework are vulnerable to cross-site scripting XSS attacks. These attacks are possible because the Insert Media option within the content editor, and the pathname in admin/assests/add allow attackers to insert SVG documents containing arbitrary javascript...
Code injection
SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by 1 the Insert Media option in the content editor or 2 an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017...
CVE-2017-14498
SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by 1 the Insert Media option in the content editor or 2 an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017...
Dumping Data from Deep-Insert Skimmers
I recently heard from a police detective who was seeking help identifying some strange devices found on two Romanian men caught maxing out stolen credit cards at local retailers. Further inspection revealed the devices to be semi-flexible data transfer wands that thieves can use to extract stolen...
Oracle FLEXCUBE Private Banking Remote Vulnerability (CNVD-2017-21029)
Oracle Financial Services Applications is a set of core banking, online banking and property management financial services software from Oracle Corporation, of which Oracle FLEXCUBE Private Banking is a private banking component. A security vulnerability exists in the Miscellaneous subcomponent o...
ALPINE-CVE-2017-3653
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DDL. Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protoco...
CVE-2017-10200
Vulnerability in the Oracle Hospitality e7 component of Oracle Hospitality Applications subcomponent: Other. The supported version that is affected is 4.2.1. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality e7 executes to...
CVE-2017-10131
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite subcomponent: Web Access. Supported versions that are affected are 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily exploitable vulnerability allows low privileged attacker with netwo...
CVE-2017-10072
Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications subcomponent: All Modules. Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0 and 12.3.0. Easily exploitable vulnerability allows low privileged...
CVE-2017-10172
Vulnerability in the Oracle Retail Open Commerce Platform component of Oracle Retail Applications subcomponent: Framework. Supported versions that are affected are 5.0, 5.1, 5.2, 5.3, 6.0, 6.1, 15.0 and 15.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via...
CVE-2017-10211
Vulnerability in the Hospitality Suite8 component of Oracle Hospitality Applications subcomponent: WebConnect. The supported version that is affected is 8.10.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hospitality Suite8. Successf...
CVE-2017-10149
CVE-2017-10149 affects Oracle Primavera Unifier (Platform subcomponent) across multiple supported versions (9.13, 9.14, 10.1, 10.2, 15.1, 15.2, 16.1, 16.2). The vulnerability enables a high-privilege attacker with network access via HTTP to compromise Primavera Unifier, with successful attacks po...
CVE-2017-10200
CVE-2017-10200 affects Oracle Hospitality e7 in Oracle Hospitality Applications (subcomponent: Other), with vulnerable version 4.2.1. The advisory describes an easily exploitable vulnerability that allows a low-privileged attacker who can log on to the infrastructure where Oracle Hospitality e7 r...
TiMidity++ 'insert_note_steps' Function Denial of Service Vulnerability
TiMidity++ is an open source audio file converter and player that can convert MIDI files to other formats. A security vulnerability exists in the 'insertnotesteps' function of the readmidi.c file in TiMidity++ version 2.14.0. A remote attacker can exploit this vulnerability to cause a denial of...
DEBIAN-CVE-2017-11546
The insertnotesteps function in readmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service divide-by-zero error and application crash via a crafted mid file. NOTE: a crash might be relevant when using the --background option...
Fiyo CMS SQL Injection Vulnerability (CNVD-2017-23893)
Fiyo CMS is a content management system CMS for creating CMS templates. A SQL injection vulnerability exists in the /apps/appcomment/controller/insert.php file in Fiyo CMS version 2.0.7. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands with the help of the 'name'...
Thieves Used Infrared to Pull Data from ATM ‘Insert Skimmers’
A greater number of ATM skimming incidents now involve so-called "insert skimmers," wafer-thin fraud devices made to fit snugly and invisibly inside a cash machine’s card acceptance slot. New evidence suggests that at least some of these insert skimmers -- which record card data and store it on a...