NetIQ Privileged Account Manager Cross-Site Scripting Vulnerability
Micro Focus NetIQ Privileged Account Manager is a privileged user management solution from Micro Focus UK. The solution protects privileged account access to databases, applications and the cloud. A cross-site scripting vulnerability exists in versions prior to Micro Focus NetIQ Privileged Accoun...
CVE-2017-7438
NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cross-site scripting attacks via JavaScript DOM modification using the supplied cookie parameter...
BSA-2018-564
Security Advisory ID: BSA-2018-564. Component: Oracle Java. Revision: 1.1: update. The January 2018 Critical Patch Update provides security updates for certain Oracle Java Platform software libraries. Java SE JDK and JRE versions through 6u171, 7u161, 8u152, and 9.0.1 are affected by vulnerabiliti...
Oracle Primavera P6 Enterprise Project Portfolio Management HTTP Response Splitting
Exploit Title: Oracle Primavera P6 Enterprise Project Portfolio Management HTTP Response Splitting Date: 16-02-2018 Exploit Author: Marios Nicolaides - RUNESEC Reviewers: Simon Loizides and Nicolas Markitanis - RUNESEC Vendor Homepage: https://www.oracle.com Affected Software: Oracle Primavera P6...
Moderate: Red Hat Security Advisory: rh-mariadb100-mariadb security update
An update for rh-mariadb100-mariadb is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Oracle Financial Services Analytical Applications 7.3.5.x / 8.0.x XXE Injection(CVE-2018-2660) / XSS(CVE-2018-2661)
Vendor description: "Oracle is the unchallenged leader in Financial Services, with an integrated, best-in-class, end-to-end solution of intelligent software and powerful hardware designed to meet every financial service need." Source:...
Debian DSA-4091-1 : mysql-5.5 - security update
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.59, which includes additional changes. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details : -...
Important: Red Hat Security Advisory: java-1.7.0-oracle security update
An update for java-1.7.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which giv...
Critical: Red Hat Security Advisory: java-1.8.0-oracle security update
An update for java-1.8.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which give...
[SECURITY] [DSA 4091-1] mysql-5.5 security update
Debian Security Advisory DSA-4091-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 18, 2018 https://www.debian.org/security/faq -...
Oracle Solaris Critical Patch Update : jan2018_SRU11_1_12_5_0
This Solaris system is missing necessary patches to address critical security updates: - Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 10. Easily exploitable vulnerability allows unauthenticated attacke...
Oracle Identity Manager Multiple Vulnerabilities (January 2018 CPU)
The remote host is missing the January 2018 Critical Patch Update for Oracle Identity Manager. It is, therefore, affected by multiple vulnerabilities as described in the January 2018 critical patch update advisory.
Oracle E-Business Multiple Vulnerabilities (January 2018 CPU)
The version of Oracle E-Business installed on the remote host is missing the January 2018 Oracle Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities as noted in the January 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs f...
Oracle VM VirtualBox 5.1.x < 5.1.32 / 5.2.x < 5.2.6 (January 2018 CPU)
The version of Oracle VM VirtualBox running on the remote host is 5.1.x prior to 5.1.32 or 5.2.x prior to 5.2.6. It is, therefore, affected by multiple vulnerabilities as noted in the January 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for addition...
MySQL 5.5.x < 5.5.59 Multiple Vulnerabilities (January 2018 CPU)
The version of MySQL running on the remote host is 5.5.x prior to 5.5.59. It is, therefore, affected by multiple vulnerabilities as noted in the January 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has no...
Oracle Releases January 2018 Security Bulletin
Oracle has released its Critical Patch Update for January 2018 to address 237 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to obtain access to sensitive information. NCCIC/US-CERT encourages users and administrators to review the Oracle...
Oracle WebLogic Server WLS Security Component Deserialization Vulnerability
Added: 01/09/2018. BID: 101304. Background: Oracle WebLogic Server (formerly BEA WebLogic Server) is a Java web application platform. Problem: Oracle WebLogic Server has a vulnerability in the WLS Security wls-wsat component that could allow an unauthenticated remote attacker who has HTTP access to the...
U.S. Dept Of Defense: WebLogic Server Side Request Forgery
The Universal Description, Discovery and Integration (UDDI) application is publicly available on this WebLogic server. The SearchPublicRegistries.jsp page can be abused by unauthenticated attackers to cause the WebLogic web server to connect to an arbitrary TCP port of an arbitrary host. Responses...