18 matches found
EUVD-2016-6597
Malware in sbrugna...
EUVD-2016-6598
Malware in sbrugna...
Misys FusionCapital Opics Plus Elevation of Privilege Vulnerability
Misys FusionCapital Opics Plus is an end-to-end scalable money business solution for the financial industry from Misys UK. The solution provides IAS-compliant accounting structures, foreign exchange tools and client-facing e-banking capabilities. A security vulnerability exists in Misys...
Misys FusionCapital Opics Plus Information Disclosure Vulnerability
Misys FusionCapital Opics Plus is an end-to-end scalable money business solution for the financial industry from Misys UK. The solution provides IAS-compliant accounting structures, foreign exchange tools and client-facing e-banking capabilities. A security vulnerability exists in Misys...
Misys FusionCapital Opics Plus SQL Injection Vulnerability
Misys FusionCapital Opics Plus is an end-to-end scalable money business solution for the financial industry from Misys UK. The solution provides IAS-compliant accounting structures, foreign exchange tools and client-facing e-banking capabilities. An SQL injection vulnerability exists in Misys...
CVE-2016-5655
Misys FusionCapital Opics Plus does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate...
CVE-2016-5654
Misys FusionCapital Opics Plus allows remote authenticated users to gain privileges via a man-in-the-middle attack that modifies the xmlMessageOut parameter...
CVE-2016-5653
Multiple SQL injection vulnerabilities in Misys FusionCapital Opics Plus allow remote authenticated users to execute arbitrary SQL commands via the 1 ID or 2 Branch parameter...
Design/Logic Flaw
Misys FusionCapital Opics Plus does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate...
Sql injection
Multiple SQL injection vulnerabilities in Misys FusionCapital Opics Plus allow remote authenticated users to execute arbitrary SQL commands via the 1 ID or 2 Branch parameter...
Design/Logic Flaw
Misys FusionCapital Opics Plus allows remote authenticated users to gain privileges via a man-in-the-middle attack that modifies the xmlMessageOut parameter...
CVE-2016-5653
CVE-2016-5653 affects Misys FusionCapital Opics Plus. Descriptions in multiple sources confirm SQL injection vulnerabilities allowing remote authenticated users to execute arbitrary SQL commands via the ID or Branch parameters in a search. Impact: attacker could enumerate the database and, in con...
CVE-2016-5655
Misys FusionCapital Opics Plus does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate...
CVE-2016-5654
Misys FusionCapital Opics Plus allows remote authenticated users to gain privileges via a man-in-the-middle attack that modifies the xmlMessageOut parameter...
CVE-2016-5654
Misys FusionCapital Opics Plus is affected by CVE-2016-5654. A remote authenticated attacker could exploit a man-in-the-middle to tamper with the xmlMessageOut parameter and escalate privileges to administrator. The issue is tied to Misys FusionCapital Opics Plus and is described in CNVD/CERT ent...
CVE-2016-5655
Misys FusionCapital Opics Plus suffers from improper certificate validation (CVE-2016-5655): the component does not verify X.509 certificates from SSL servers, enabling MITM and potential exposure of sensitive data. Affected product is Misys FusionCapital Opics Plus; the vulnerability allows an a...
CVE-2016-5653
Multiple SQL injection vulnerabilities in Misys FusionCapital Opics Plus allow remote authenticated users to execute arbitrary SQL commands via the 1 ID or 2 Branch parameter...
Misys FusionCapital Opics Plus contains multiple vulnerabilities
Overview Misys FusionCapital Opics Plus is used by regional and local financial institutions to manage treasuries. FusionCapital Opics Plus contains several vulnerabilities. Description CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' -...