
1165 matches found

OSV
added 2022/09/13 8:15 p.m. · 2 views

CVE-2022-32244

Under certain conditions an attacker authenticated as a CMS administrator can access the BOE Commentary database and retrieve non-personal system data, modify system data but can't make the system unavailable. This needs the attacker to have high privilege access to the same physical/logical network ...

5.2 CVSS · 5.8 AI score · 0.00445 EPSS
Exploits 0 · References 2
BDU FSTEC
added 2022/09/07 12:00 a.m. · 1 view

The vulnerability of the User Interface sub-component of the Oracle WebCenter Sites Support Tools software platform allows a malicious individual to gain unauthorized access to read, modify, or add data, or to cause service interruptions.

The vulnerability of the User Interface sub-component of the Oracle WebCenter Sites Support Tools software platform exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to read, modify, or add...

7.3 CVSS · 6.4 AI score · 0.00596 EPSS
Exploits 0 · References 3 · Affected Software 1
BDU FSTEC
added 2022/09/07 12:00 a.m. · 3 views

The vulnerability of the Infrastructure component of the Oracle Banking Trade Finance software allows a perpetrator to gain unauthorized access to read, modify, or add data, or to cause a service failure.

The vulnerability of the Infrastructure component of the Oracle Banking Trade Finance software exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to read, modify, or add data, or cause a service...

6.8 CVSS · 6.9 AI score · 0.00532 EPSS
Exploits 0 · References 3 · Affected Software 1
BDU FSTEC
added 2022/08/24 12:00 a.m. · 1 view

The vulnerability of the CAS server of General Bytes Crypto Application Server, related to the manipulation of inter-site requests, allows a hacker to create a user with admin privileges and modify any data on the server at will.

The vulnerability of the CAS server of General Bytes Crypto Application Server is related to the manipulation of inter-site requests. Exploiting this vulnerability allows a malicious actor to create a user with admin privileges and modify any data on the server at will...

9.4 CVSS · 5.5 AI score
Exploits 0 · References 1 · Affected Software 1
BDU FSTEC
added 2022/08/10 12:00 a.m. · 2 views

The vulnerability of the Web Runtime component of the JD Edwards EnterpriseOne Tools system allows a perpetrator to gain access to read, modify, add, or delete data, or to cause partial service interruption.

The vulnerability of the Web Runtime component of the JD Edwards EnterpriseOne Tools system exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, add, or delete data, or cause a partial service...

7.4 CVSS · 7.3 AI score · 0.00552 EPSS
Exploits 0 · References 3 · Affected Software 1
OSV
added 2022/07/19 10:15 p.m. · 3 views

CVE-2022-21552

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware component: Search. Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter...

7.2 CVSS · 6.7 AI score · 0.00532 EPSS
Exploits 0 · References 1
ATTACKERKB
added 2022/07/19 10:15 p.m. · 3 views

CVE-2022-21563

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems component: Core. The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to...

3.4 CVSS · 6.6 AI score · 0.00213 EPSS
Exploits 0 · References 2 · Affected Software 1
ATTACKERKB
added 2022/07/19 10:15 p.m. · 4 views

CVE-2022-21552

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware component: Search. Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter...

7.2 CVSS · 6.7 AI score · 0.00532 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2022/07/12 9:15 p.m. · 1 view

CVE-2022-32247

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the User inputs while interacting on the Network. On successful exploitation, an attacker can view or modif...

6.1 CVSS · 5.9 AI score · 0.0066 EPSS
Exploits 0 · References 2
Positive Technologies
added 2022/07/04 12:00 a.m. · 3 views

PT-2022-19171 · Cybozu · Cybozu Garoon

Name of the Vulnerable Software and Affected Versions: Cybozu Garoon versions 4.0.0 through 5.5.1
Description: The issue is related to improper input validation in the Scheduler component, allowing a remote authenticated attacker to modify Scheduler data.
Recommendations: For Cybozu Garoon versio...

4.3 CVSS · 4.3 AI score · 0.0063 EPSS
Exploits 0 · References 4
BDU FSTEC
added 2022/06/27 12:00 a.m. · 3 views

The vulnerability of the Infrastructure component of the real-time payment processing software Oracle Banking Payments allows an attacker to create, delete, or alter access to critical data, gain read-only access to data, or cause partial service disruption.

The vulnerability of the Infrastructure component of the real-time payment processing software in Oracle Banking Payments is related to the improper assignment of permissions for a critical resource. Exploiting this vulnerability allows an attacker, operating remotely, to create, delete, or modif...

6.1 CVSS · 6.8 AI score · 0.00592 EPSS
Exploits 0 · References 3 · Affected Software 1
BDU FSTEC
added 2022/06/27 12:00 a.m. · 1 view

The vulnerability of the User Interface component of the Oracle Transportation Management software allows a perpetrator to gain access to read data or modify data.

The vulnerability of the User Interface component of the Oracle Transportation Management software is related to errors in the code. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to data or modify data using HTTP requests...

6.1 CVSS · 6.8 AI score · 0.0078 EPSS
Exploits 0 · References 3 · Affected Software 1
BDU FSTEC
added 2022/06/27 12:00 a.m. · 2 views

The vulnerability of the Web Services Security component of the Oracle Web Services Manager allows a perpetrator to gain read access to data or modify data.

The vulnerability of the Web Services Security component of the Oracle Web Services Manager exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain read access to data or modify data using specially crafted HTTP...

8.1 CVSS · 6.9 AI score · 0.01577 EPSS
Exploits 0 · References 3 · Affected Software 1
BDU FSTEC
added 2022/06/27 12:00 a.m. · 3 views

The vulnerability of components in the Oracle Applications Framework’s File Upload and Attachments programs allows a perpetrator to gain access to read data or modify data.

The vulnerability of the Attachments and File Upload components of the Oracle Applications Framework exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain read access to data or modify data using specially craft...

5.4 CVSS · 6.6 AI score · 0.00483 EPSS
Exploits 0 · References 3 · Affected Software 1
BDU FSTEC
added 2022/06/15 12:00 a.m. · 2 views

The vulnerability of the Application Service component of the software for working with Oracle Web Applications Desktop Integrator allows a perpetrator to gain access to modify, add, or delete data, or to gain unauthorized access to protected information.

The vulnerability of the Application Service component of the Oracle Web Applications Desktop Integrator software exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to modify, add, or delete data, or gain unauthorized...

8.5 CVSS · 7.6 AI score · 0.00987 EPSS
Exploits 0 · References 3 · Affected Software 1
ATTACKERKB
added 2022/06/05 12:00 a.m. · 4 views

CVE-2022-31768

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database...

9.8 CVSS · 5.7 AI score · 0.01264 EPSS
Exploits 0 · References 3 · Affected Software 1
CNNVD
added 2022/06/02 12:00 a.m. · 2 views

Car Rental Management System SQL injection vulnerability

Car Rental Management System is a car rental management system. SQL injection vulnerability exists in Car Rental Management System, which can be exploited by attackers to view, add, modify or delete information in the back-end database...

7.2 CVSS · 5.9 AI score · 0.04806 EPSS
Exploits 1 · References 2
OSV
added 2022/06/01 8:15 p.m. · 3 views

CVE-2022-30190

A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs,...

7.8 CVSS · 7.5 AI score · 0.99374 EPSS
Exploits 62 · References 4
BDU FSTEC
added 2022/05/18 12:00 a.m. · 2 views

The vulnerability of the RubyGems.org hosting service, related to authentication errors, allows a perpetrator to gain access to create, modify, or delete data.

The vulnerability of the RubyGems.org hosting service is related to authentication errors during data copying. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to create, modify, or delete data...

10 CVSS · 7.4 AI score · 0.01729 EPSS
Exploits 0 · References 4
ATTACKERKB
added 2022/05/11 12:00 a.m. · 5 views

CVE-2022-22413

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 223022...

9.8 CVSS · 6.2 AI score · 0.01188 EPSS
Exploits 0 · References 3 · Affected Software 1