1165 matches found
CVE-2021-2345
Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager product of Oracle Commerce component: Tools and Frameworks. The supported version that is affected is 11.3.1.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...
CVE-2021-34481
A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or...
Icinga security vulnerability
Icinga is a scalable server, network resource monitoring system from Icinga, Germany. A security vulnerability exists in Icinga that originates from the fact that an attacker who obtains credentials can impersonate Icinga to access these services and add, modify, and delete information there. The...
CVE-2021-27828
SQL injection in In4Suite ERP 3.2.74.1370 allows attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries...
In4Suit ERP 3.2.74.1370 - (txtLoginId) SQL injection Vulnerability
Exploit Title: In4Suit ERP 3.2.74.1370 - 'txtLoginId' SQL injection Exploit Author: Gulab Mondal Vendor Homepage: https://www.in4velocity.com/in4suite-erp.html Version: In4Suite ERP 3.2.74.1370 Tested on: Windows ----------------------------------------- SQL injection in In4Suite ERP 3.2.74.1370...
In4Suit ERP 3.2.74.1370 SQL Injection
Exploit Title: In4Suit ERP 3.2.74.1370 - 'txtLoginId' SQL injection Date: 18/05/2021 Exploit Author: Gulab Mondal Vendor Homepage: https://www.in4velocity.com/in4suite-erp.html Version: In4Suite ERP 3.2.74.1370 Tested on: Windows ----------------------------------------- SQL injection in In4Suite...
The vulnerability of the Rules Framework component of the Oracle Financial Services Analytical Applications Infrastructure software allows a perpetrator to gain read access to data or modify data.
The vulnerability of the Rules Framework component of the Oracle Financial Services Analytical Applications Infrastructure software exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain read access to data or modify...
The vulnerability of the Price Book component in the Oracle Advanced Pricing application of the Oracle E-Business Suite allows a malicious actor to modify, add, or delete data, as well as to gain unauthorized access to protected information.
The vulnerability of the Price Book component in the Oracle Advanced Pricing application of the Oracle E-Business Suite is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to modify, add, or delete data, as well as gain...
The vulnerability of the Quotes component in the Oracle Trade Management application of the Oracle E-Business Suite allows a malicious actor to modify, add, or delete data, as well as to gain unauthorized access to protected information.
The vulnerability of the Quotes component in the Oracle Trade Management application of the Oracle E-Business Suite is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to modify, add, or delete data, as well as gain unauthorized...
The vulnerability of the Admin component of Oracle Advanced Collections, a component of the Oracle E-Business Suite, allows an attacker to gain access to modify, add, or delete data, as well as to gain unauthorized access to protected information.
The vulnerability of the Admin component in Oracle Advanced Collections, a component of the Oracle E-Business Suite, relates to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to modify, add, or delete data, as well as gain unauthorized...
The vulnerability of the Home Page component of the Oracle Applications Framework allows a perpetrator to gain access to modify, add, or delete data, or to gain full control over the application.
The vulnerability of the Home Page component of the Oracle Applications Framework is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to modify, add, or delete data, or to gain full control over the applicati...
The vulnerability of the iRecruitment component of the Oracle Human Resources workforce management software allows a hacker to gain access to modify, add, or delete data.
The vulnerability of the iRecruitment component of the Oracle Human Resources staffing management software is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to modify, add, or delete data using the HTTP protocol...
CVE-2021-2267
Vulnerability in the Oracle Labor Distribution product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Labor Distribution...
CVE-2021-2220
Vulnerability in the PeopleSoft Enterprise SCM eProcurement product of Oracle PeopleSoft component: Manage Requisition Status. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft...
CVE-2021-2150
Vulnerability in the Oracle iStore product of Oracle E-Business Suite component: Shopping Cart. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore...
The vulnerability of the TCP/IP protocol implementation in the Stack Trace stack allows a perpetrator to gain access to modify, add, or delete data.
The vulnerability of the TCP/IP protocol implementation in the Trace stack is related to integer overflows. Exploiting this vulnerability allows a remote attacker to gain access to modify, add, or delete data...
Improper access control
zzcms 201910 contains an access control vulnerability through escalation of privileges in /user/adv.php, which allows an attacker to modify data for further attacks such as CSRF...
CVE-2021-1399
A vulnerability in the Self Care Portal of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to modify data on an affected system without proper authorization. The...
Authorization
A vulnerability in the Self Care Portal of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to modify data on an affected system without proper authorization. The...