5549 matches found
CVE-2018-3304
Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite subcomponent: Load Testing for Web Apps. Supported versions that are affected are 12.5.0.3, 13.1.0.1, 13.2.0.1 and 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker...
CVE-2019-2418
CVE-2019-2418 affects Oracle WebLogic Server (WLS Core Components). Affected versions are 10.3.6.0, 12.1.3.0 and 12.2.1.3. The vulnerability allows unauthenticated, network-based exploitation via the T3 protocol to compromise WebLogic Server, potentially leading to unauthorized update/insert/dele...
CVE-2019-2395
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: WLS - Web Services. The supported version that is affected is 10.3.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server...
CVE-2019-2480
CVE-2019-2480 concerns Oracle Outside In Technology (Outside In Filters) in Oracle Fusion Middleware. Affected: Outside In Technology versions 8.5.3 and 8.5.4. Attack via network (HTTP) by an unauthenticated attacker can cause a partial denial of service. CVSS 3.0 base score 5.3 (LOW=AV:N/AC:L/PR...
CVE-2019-2462
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware subcomponent: Outside In Filters. Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
CVE-2019-2438
Vulnerability in the Oracle Web Cache component of Oracle Fusion Middleware subcomponent: ESI/Partial Page Caching. The supported version that is affected is 11.1.1.9.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Cache...
CVE-2019-2449
Vulnerability in the Java SE component of Oracle Java SE subcomponent: Deployment. The supported version that is affected is Java SE: 8u192. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks...
CVE-2018-3304
Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite subcomponent: Load Testing for Web Apps. Supported versions that are affected are 12.5.0.3, 13.1.0.1, 13.2.0.1 and 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker...
CVE-2019-2449
Vulnerability in the Java SE component of Oracle Java SE subcomponent: Deployment. The supported version that is affected is Java SE: 8u192. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks...
Microsoft Windows 10 - XmlDocument Insecure Sharing Privilege Escalation
Windows: XmlDocument Insecure Sharing Elevation of Privilege Platform: Windows 10 1809 almost certainly earlier versions as well. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: AppContainer Sandbox Summary: A number of Partial Trust Windows Runtime classes...
CVE-2018-15464
A vulnerability in Cisco 900 Series Aggregation Services Router ASR software could allow an unauthenticated, remote attacker to cause a partial denial of service DoS condition on an affected device. The vulnerability is due to insufficient handling of certain broadcast packets ingress to the...
Cisco ASR 900 Series Aggregation Services Router Software Denial of Service Vulnerability
A vulnerability in Cisco 900 Series Aggregation Services Router ASR software could allow an unauthenticated, remote attacker to cause a partial denial of service DoS condition on an affected device. The vulnerability is due to insufficient handling of certain broadcast packets ingress to the...
OpenJDK: Missing endpoint identification algorithm check during TLS session resumption (JSSE, 8202613)
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JSSE. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with...
OpenJDK: Infinite loop in RIFF format reader (Sound, 8205361)
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Sound. Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulnerability allows unauthenticated attacker with...
Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2018-1111)
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JSSE. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with...
OpenJDK: Infinite loop in RIFF format reader (Sound, 8205361)
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Sound. Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulnerability allows unauthenticated attacker with...
CVE-2018-16863
It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as...
Joomla Fabrik 3.9 CSRF / LFI / Shell Upload
Exploit Title : Joomla ComFabrik 3.9 pluginAjax importcsv advancedsearch getprodimg controller LFI with htaccess CSRF Shell Access Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 29/11/2018 Vendor Homepage : extensions.joomla.org/extension/fabrik/...
OpenJDK: Missing endpoint identification algorithm check during TLS session resumption (JSSE, 8202613)
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JSSE. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with...
OpenJDK: Infinite loop in RIFF format reader (Sound, 8205361)
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Sound. Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulnerability allows unauthenticated attacker with...