2726 matches found
AzeoTech DAQFactory Unauthorized Modification Vulnerability
AzeoTech DAQFactory is an HMI/SCADA software. An unauthorized modification vulnerability exists in AzeoTech DAQFactory, which can be exploited by a local, unmanaged user to maliciously replace or modify the original application files...
Oracle Hospitality Guest Access Unauthorized Modification Vulnerability
Oracle Hospitality Applications is a set of business applications, servers and storage solutions for hospitality management from Oracle. The solution provides human resources cost management, provide customers with the entire journey to track the management of services to improve customer...
Oracle Sun Systems Products Suite Unauthorized Modification Vulnerability
Oracle Sun Systems Products Suite is a suite of Sun systems products from Oracle Corporation, of which Solaris is a Unix-like operating system. A security vulnerability exists in the Kernel subcomponent of the Solaris component version 11 of the Oracle Sun Systems Products Suite. A local attacker...
CVE-2017-10078
Vulnerability in the Java SE component of Oracle Java SE subcomponent: Scripting. The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this...
CVE-2017-10082
CVE-2017-10082 affects Oracle Agile PLM (Security subcomponent) within Oracle Supply Chain Products Suite; affected versions are 9.3.5 and 9.3.6. The vulnerability allows an unauthenticated, network-accessible attacker over HTTP to compromise Oracle Agile PLM, with potential unauthorized read, up...
Oracle BI Publisher Remote Vulnerability (CNVD-2017-27294)
Oracle Fusion Middleware Oracle Fusion Middleware is a set of Oracle's business innovation platform for enterprise and cloud environments, which provides middleware, software collections, and other functionality.Oracle BI Publisher formerly known as XML Publisher is one of the reporting component...
Unauthorized Calendar Modification
Moodle is vulnerable to unauthorized calendar modification. The application does not check for capabilities for editing the calendar, allowing a malicious user to delete course level calendar subscription created by teacher users...
CVE-2017-7917
A Cross-Site Request Forgery issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell...
Insecure Hashes
github.com/cloudflare/redoctober is vulnerable to unauthorized modification due to the usage of insecure hashes. The library contains a flaw in the implementation that allows a malicious user to modify messages without being detected...
Oracle FLEXCUBE Investor Servicing Unauthorized Modification Vulnerability
Oracle Financial Services Applications is Oracle's suite of financial services software for core banking, online banking and asset management. Oracle FLEXCUBE Investor Servicing is one of the components that provides life-cycle processing of cross-business hedge funds, mutual funds and unit-linke...
Oracle FLEXCUBE Investor Servicing Unauthorized Modification Vulnerability (CNVD-2017-06278)
Oracle Financial Services Applications is Oracle's suite of financial services software for core banking, online banking and asset management. Oracle FLEXCUBE Investor Servicing is one of the components that provides life-cycle processing of cross-business hedge funds, mutual funds and unit-linke...
Oracle MySQL Server Unauthorized Modification Vulnerability
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which the MySQL Server component is a server component. A security vulnerability exists in the Server: DDL subcomponent of the MySQL Server component in Oracle MySQL. An attacker could exploit this...
Oracle PeopleSoft Enterprise FIN Receivables Unauthorized Modification Vulnerability
Oracle PeopleSoft Products is a set of Oracle's enterprise human capital management solutions, which provides human capital management, financial management, supplier relationship management and other functions.PeopleSoft Enterprise FIN Receivables is one of the financial expense revenue manageme...
CVE-2016-4032
CVE-2016-4032 concerns Samsung devices (Galaxy S6, Note 3, Galaxy S4 variants) where AT commands can be executed because the devices do not block AT+USBDEBUG and AT+WIFIVALUE when connected to a Linux host. The issue enables an attacker with AT access to modify Android settings on affected builds...
DEBIAN-CVE-2017-1001000
The registerroutes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows remote attackers to modify arbitrary pages via a request for wp-json/wp/v2/posts followed by a...
Design/Logic Flaw
IBM UrbanCode Deploy could allow an authenticated user to modify Ucd objects due to multiple REST endpoints not properly authorizing users editing UCD objects. This could affect the behavior of legitimately triggered processes...
CVE-2016-5552
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with...
Unauthorised Modification Of Permission Scope
spring-security-oauth2 is vulnerable to unauthorised modification of scope. A malicious user can submit a scope parameter during token request, which will be accepted by the server. This allows the malicious user to gain a wider scope of permissions when they authenticate...
Design/Logic Flaw
IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses weak permissions for unspecified directories under the web root, which allows local users to modify data by writing to a file...
phpIPAM <= 1.2.1 Multiple Vulnerabilities
phpIPAM is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpipam:phpipam"; ifdescription...