1165 matches found
Bakeshop Inventory System SQL Injection Vulnerability
Bakeshop Inventory System is a bakery inventory management system. A SQL injection vulnerability exists in Bakeshop Inventory System version 1.0. A remote attacker can use the login page to view, add, modify, or delete information in the back-end database...
CVE-2018-7926
Huawei Watch 2 with versions and earlier than OWDD.180707.001.E1 have an improper authorization vulnerability. Due to improper permission configuration for specific operations, an attacker who obtained the Huawei ID bound to the watch can bypass permission verification to perform specific...
The vulnerability of the ION memory distribution subsystem of the Android operating system allows a hacker to modify data on the device and gain root privileges.
The vulnerability of the ION memory distribution subsystem of the Android operating system is related to deficiencies in access control between applications and the operating system. Exploiting this vulnerability allows a remote attacker to modify data on the device and gain root privileges throu...
High severity vulnerability that affects org.apache.hbase:hbase
Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper coordination state, which allows remote attackers to cause a denial of service daemon outage, obtai...
CVE-2018-3301
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products subcomponent: PIA Core Technology. Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
CVE-2018-3178
Vulnerability in the Hyperion Common Events component of Oracle Hyperion subcomponent: User Interface. The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Common Events. Successful...
CVE-2018-3175
Vulnerability in the Hyperion Common Events component of Oracle Hyperion subcomponent: User Interface. The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Common Events. Successful...
CVE-2018-2887
Vulnerability in the MICROS Retail-J component of Oracle Retail Applications subcomponent: Back Office. Supported versions that are affected are 13.0.0 and 12.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS Retail-J. Successf...
UBUNTU-CVE-2018-3180
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JSSE. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with...
UBUNTU-CVE-2018-3136
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...
Huawei Mobile Phone Input Validation Vulnerability
Huawei Mate 10 ALP-L09 is a smartphone product of Chinese company Huawei Huawei. An input validation vulnerability exists in the Huawei Mate 10 ALP-L09 phone due to a lack of parameter checking. An attacker induces a user who has gained root privileges to install a carefully crafted application,...
CVE-2018-2450
SAP MaxDB liveCache, versions 7.8 and 7.9, allows an attacker who gets DBM operator privileges to execute crafted database queries and therefore read, modify or delete sensitive data from database...
WityCMS 0.6.2 - Cross-Site Request Forgery (Password Change)
WityCMS 0.6.2 - Cross-Site Request Forgery Password Change input type="hidden" name="groupe"...
CVE-2018-3006
Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products subcomponent: Web Runtime. The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOn...
CVE-2018-2981
Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications subcomponent: Infrastructure. Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. Easily exploitable...
CVE-2018-2974
Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications subcomponent: Infrastructure. Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. Easily exploitable...
CVE-2018-2950
Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products subcomponent: Web Runtime. The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOn...
OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...
CVE-2018-11036
Ruckus SmartZone formerly Virtual SmartCell Gateway or vSCG 3.5.0, 3.5.1, 3.6.0, and 3.6.1 Essentials and High Scale on vSZ, SZ-100, SZ-300, and SCG-200 devices allows remote attackers to obtain sensitive information or modify data...
CVE-2018-11036
Ruckus SmartZone formerly Virtual SmartCell Gateway or vSCG 3.5.0, 3.5.1, 3.6.0, and 3.6.1 Essentials and High Scale on vSZ, SZ-100, SZ-300, and SCG-200 devices allows remote attackers to obtain sensitive information or modify data...