
1165 matches found

Positive Technologies
added 2021/01/09 12:0 a.m. · 4 views

PT-2021-7578 · SAP · SAP NetWeaver AS Java

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS for Java version 7.50
Description: The issue is related to improper access control in SAP NetWeaver AS for Java, allowing an unauthenticated attacker to attach to an open interface and utilize an open naming and directory API...

CVSS 9.8 · AI score 9.1 · EPSS 0.15729
Exploits: 0 · References: 6

NVD
added 2021/01/05 3:15 p.m. · 9 views

CVE-2020-26045

FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database...

CVSS 9.8 · AI score 9.9 · EPSS 0.01846
Exploits: 1 · References: 3

OSV
added 2021/01/05 3:15 p.m. · 13 views

CVE-2020-26045

FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database...

CVSS 9.8 · AI score 8.5
Exploits: 0 · References: 3

RedHat Linux
added 2020/12/22 9:25 a.m. · 1 view

mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2019)

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Security: Privileges. Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructu...

CVSS 5.1 · AI score 6.8 · EPSS 0.0079
Exploits: 0 · References: 5

OSV
added 2020/12/18 8:15 a.m. · 4 views

CVE-2020-25609

The NuPoint Messenger Portal of Mitel MiCollab before 9.2 could allow an authenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to view and modify user data...

CVSS 5.4 · AI score 6.3 · EPSS 0.00688
Exploits: 0 · References: 1

BDU FSTEC
added 2020/12/03 12:0 a.m. · 1 view

The vulnerability of the access control function of the IoT network management software Field Network Director allows a perpetrator to gain access to modify, add, or delete data.

The vulnerability of the access control function in the IoT network management software Field Network Director is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to modify, add, or delete data...

CVSS 4.1 · AI score 5.4 · EPSS 0.0071
Exploits: 0 · References: 2 · Affected Software: 1

CNVD
added 2020/11/26 12:0 a.m. · 1 view

Unauthorized Access Vulnerability in ThinkAdmin

ThinkAdmin is a backend management framework developed on the latest ThinkPHP V6 and released as open source under the permissive MIT license. ThinkAdmin has an unauthorized access vulnerability. Attackers can use the vulnerability to bypass login and directly read and modify sensitive information...

AI score 6.8
Exploits: 0

BDU FSTEC
added 2020/11/24 12:0 a.m. · 2 views

The vulnerability of the System Wide Java environment for creating, integrating, and managing applications within the Oracle Utilities Framework allows a perpetrator to gain unauthorized access to protected information or to modify, add, or delete data.

The vulnerability of the System Wide Java environment used for creating, integrating, and managing applications within the Oracle Utilities Framework is related to lack of access control. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information, o...

CVSS 5.5 · AI score 6.6 · EPSS 0.0076
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2020/11/10 12:0 a.m. · 2 views

PT-2020-4800 · Microsoft · SharePoint Server +1

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server (affected versions not specified); Microsoft SharePoint Foundation (affected versions not specified); Microsoft SharePoint Enterprise Server (affected versions not specified)
Description: The issue is related to insufficie...

CVSS 7.8 · AI score 4.2 · EPSS 0.01897
Exploits: 0 · References: 7

BDU FSTEC
added 2020/11/05 12:0 a.m. · 1 view

The vulnerability of the APIs of the Oracle Installed Base information storage center component in the Oracle E-Business Suite allows a perpetrator to access, modify, add, or delete data.

The vulnerability of the APIs of the Oracle Installed Base information storage center in the Oracle E-Business Suite relates to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to modify, add, or delete data using the...

CVSS 5 · AI score 6.4 · EPSS 0.01011
Exploits: 0 · References: 3 · Affected Software: 1

CNVD
added 2020/10/22 12:0 a.m. · 2 views

Oracle Trade Management Unauthorized Access Vulnerability

Oracle Trade Management is a trade management system from Oracle. It provides functions such as product categorization and allocation, import of purchase orders and letters of credit, and reconciliation of estimated and actual costs to improve trade efficiency and profitability. An unauthorized...

CVSS 9.1 · AI score 8.9 · EPSS 0.02797
Exploits: 0 · References: 1

OSV
added 2020/10/21 3:15 p.m. · 2 views

CVE-2020-14856

Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

CVSS 8.2 · AI score 7.3 · EPSS 0.0146
Exploits: 0 · References: 1

OSV
added 2020/10/21 3:15 p.m. · 2 views

CVE-2020-14801

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: PIA Core Technology. Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...

CVSS 6.1 · AI score 6.8 · EPSS 0.00948
Exploits: 0 · References: 1

OSV
added 2020/10/21 3:15 p.m. · 3 views

CVE-2020-14810

Vulnerability in the Oracle Hospitality Suite8 product of Oracle Hospitality Applications component: WebConnect. Supported versions that are affected are 8.10.2 and 8.11-8.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVSS 5.4 · AI score 6.7
Exploits: 0 · References: 1

OSV
added 2020/10/21 3:15 p.m. · 2 views

CVE-2020-14768

Vulnerability in the Hyperion Analytic Provider Services product of Oracle Hyperion component: Smart View Provider. The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to t...

CVSS 4.3 · AI score 6.7 · EPSS 0.0048
Exploits: 0 · References: 1

OSV
added 2020/10/21 3:15 p.m. · 5 views

CVE-2020-14761

Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite component: Oracle Diagnostics Interfaces. Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

CVSS 6.5 · AI score 6.9 · EPSS 0.00991
Exploits: 0 · References: 1

OSV
added 2020/10/16 11:15 p.m. · 4 views

CVE-2020-16908

An elevation of privilege vulnerability exists in Windows Setup in the way it handles directories. A locally authenticated attacker could run arbitrary code with elevated system privileges. After successfully exploiting the vulnerability, an attacker could then install programs; view, change, or...

CVSS 7.8 · AI score 7.3 · EPSS 0.00939
Exploits: 0 · References: 1

Prion
added 2020/10/01 2:15 p.m. · 17 views

SQL injection

WebsiteBaker 2.12.2 allows SQL Injection via parameter 'displayname' in /websitebaker/admin/preferences/save.php. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database...

CVSS 7.5 · AI score 9.8 · EPSS 0.01647
Exploits: 3 · References: 2 · Affected Software: 1

Cvelist
added 2020/10/01 1:57 p.m. · 14 views

CVE-2020-25990

WebsiteBaker 2.12.2 allows SQL Injection via parameter 'displayname' in /websitebaker/admin/preferences/save.php. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database...

AI score 9.9 · EPSS 0.01647
Exploits: 3 · References: 2

BDU FSTEC
added 2020/09/18 12:0 a.m. · 2 views

The vulnerability of the Device Driver Utility component of the Oracle Solaris operating system allows a hacker to gain access to modify, add, or delete data, or cause service failures.

The vulnerability of the Device Driver Utility component of the Oracle Solaris operating system is related to access control deficiencies. Exploiting this vulnerability could allow an attacker to modify, add, or delete data, or cause service failures...

CVSS 5 · AI score 6.2 · EPSS 0.00321
Exploits: 0 · References: 2 · Affected Software: 1