CVE-2020-14740

Vulnerability in the SQL Developer Install component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows low privileged attacker having Client Computer User Account privilege with logon to the...

CVE-2020-14740

Vulnerability in the SQL Developer Install component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows low privileged attacker having Client Computer User Account privilege with logon to the...

Vulnerabilities fixed in Oracle Database Server

Oracle has fixed vulnerabilities in the following Oracle Database products: Database - Enterprise Edition Text Spatial and Graph Application Express APEX SQL Developer The vulnerabilities allow a malicious person, whether or not unauthenticated and remote, potentially be able to launch attacks th...

Allround Automations PL/SQL Developer Installed

Binary data allautoplsqldeveloper.nbin...

Allround Automations PL/SQL Developer < 11.0.6.1776 HTTP Insecure Update RCE

The version of Allround Automations PL/SQL Developer installed on the remote host is prior to 11.0.6.1776. It is, therefore, affected by a remote code execution vulnerability due to a failure to properly verify the origin or authenticity of update data sent via HTTP. A man-in-the-middle attacker...

Allround Automations PL/SQL Developer Arbitrary Code Execution Vulnerability

Allround Automations PL/SQL Developer is an integrated development environment for developing stored procedures for Oracle Databases. An arbitrary code execution vulnerability exists in Allround Automations PL/SQL Developer, which can be exploited by an attacker to execute arbitrary code...

CVE-2016-2346

Allround Automations PL/SQL Developer 11 before 11.0.6 relies on unverified HTTP data for updates, which allows man-in-the-middle attackers to execute arbitrary code by modifying fields in the client-server data stream...

CVE-2016-2346

Allround Automations PL/SQL Developer 11 before 11.0.6 relies on unverified HTTP data for updates, which allows man-in-the-middle attackers to execute arbitrary code by modifying fields in the client-server data stream...

Design/Logic Flaw

Allround Automations PL/SQL Developer 11 before 11.0.6 relies on unverified HTTP data for updates, which allows man-in-the-middle attackers to execute arbitrary code by modifying fields in the client-server data stream...

CVE-2016-2346

CVE-2016-2346 affects Allround Automations PL/SQL Developer prior to 11.0.6.1776. The vulnerability arises from verifying HTTP update data, allowing a man-in-the-middle to modify the client‑server data stream and execute arbitrary code with the user’s privileges. Affected version: PL/SQL Develope...

CVE-2016-2346

Allround Automations PL/SQL Developer 11 before 11.0.6 relies on unverified HTTP data for updates, which allows man-in-the-middle attackers to execute arbitrary code by modifying fields in the client-server data stream...

Allround Automations PL/SQL Developer v11 performs updates over HTTP

Overview Allround Automations PL/SQL Developer version 11 checks for updates over HTTP and does not verify updates before executing commands, which may allow an attacker to execute arbitrary code. Description CWE-345: Insufficient Verification of Data Authenticity - CVE-2016-2346 According to the...