Lucene search
+L

2726 matches found

CNVD
CNVD
added 2017/08/30 12:0 a.m.7 views

AzeoTech DAQFactory Unauthorized Modification Vulnerability

AzeoTech DAQFactory is an HMI/SCADA software. An unauthorized modification vulnerability exists in AzeoTech DAQFactory, which can be exploited by a local, unmanaged user to maliciously replace or modify the original application files...

7.1CVSS6.9AI score0.00324EPSS
Exploits0References1
CNVD
CNVD
added 2017/08/10 12:0 a.m.5 views

Oracle Hospitality Guest Access Unauthorized Modification Vulnerability

Oracle Hospitality Applications is a set of business applications, servers and storage solutions for hospitality management from Oracle. The solution provides human resources cost management, provide customers with the entire journey to track the management of services to improve customer...

4.3CVSS5.1AI score0.01339EPSS
Exploits0References1
CNVD
CNVD
added 2017/08/10 12:0 a.m.7 views

Oracle Sun Systems Products Suite Unauthorized Modification Vulnerability

Oracle Sun Systems Products Suite is a suite of Sun systems products from Oracle Corporation, of which Solaris is a Unix-like operating system. A security vulnerability exists in the Kernel subcomponent of the Solaris component version 11 of the Oracle Sun Systems Products Suite. A local attacker...

3.3CVSS4.5AI score0.00495EPSS
Exploits0References1
NVD
NVD
added 2017/08/08 3:29 p.m.21 views

CVE-2017-10078

Vulnerability in the Java SE component of Oracle Java SE subcomponent: Scripting. The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this...

8.1CVSS7.8AI score0.02402EPSS
Exploits0References11
CVE
CVE
added 2017/08/08 3:0 p.m.62 views

CVE-2017-10082

CVE-2017-10082 affects Oracle Agile PLM (Security subcomponent) within Oracle Supply Chain Products Suite; affected versions are 9.3.5 and 9.3.6. The vulnerability allows an unauthenticated, network-accessible attacker over HTTP to compromise Oracle Agile PLM, with potential unauthorized read, up...

6.1CVSS5.5AI score0.0147EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2017/08/02 12:0 a.m.6 views

Oracle BI Publisher Remote Vulnerability (CNVD-2017-27294)

Oracle Fusion Middleware Oracle Fusion Middleware is a set of Oracle's business innovation platform for enterprise and cloud environments, which provides middleware, software collections, and other functionality.Oracle BI Publisher formerly known as XML Publisher is one of the reporting component...

7.6CVSS7.8AI score0.01385EPSS
Exploits0References1
Veracode
Veracode
added 2017/07/25 4:41 a.m.24 views

Unauthorized Calendar Modification

Moodle is vulnerable to unauthorized calendar modification. The application does not check for capabilities for editing the calendar, allowing a malicious user to delete course level calendar subscription created by teacher users...

5.5CVSS6AI score0.01272EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2017/05/29 4:0 p.m.22 views

CVE-2017-7917

A Cross-Site Request Forgery issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell...

8.6AI score0.00494EPSS
Exploits0References1
Veracode
Veracode
added 2017/05/03 6:5 a.m.9 views

Insecure Hashes

github.com/cloudflare/redoctober is vulnerable to unauthorized modification due to the usage of insecure hashes. The library contains a flaw in the implementation that allows a malicious user to modify messages without being detected...

6.5AI score
Exploits0
CNVD
CNVD
added 2017/04/28 12:0 a.m.5 views

Oracle FLEXCUBE Investor Servicing Unauthorized Modification Vulnerability

Oracle Financial Services Applications is Oracle's suite of financial services software for core banking, online banking and asset management. Oracle FLEXCUBE Investor Servicing is one of the components that provides life-cycle processing of cross-business hedge funds, mutual funds and unit-linke...

3.5CVSS6.6AI score0.00966EPSS
Exploits0References1
CNVD
CNVD
added 2017/04/28 12:0 a.m.3 views

Oracle FLEXCUBE Investor Servicing Unauthorized Modification Vulnerability (CNVD-2017-06278)

Oracle Financial Services Applications is Oracle's suite of financial services software for core banking, online banking and asset management. Oracle FLEXCUBE Investor Servicing is one of the components that provides life-cycle processing of cross-business hedge funds, mutual funds and unit-linke...

6.5CVSS6.7AI score0.01443EPSS
Exploits0References1
CNVD
CNVD
added 2017/04/27 12:0 a.m.1 views

Oracle MySQL Server Unauthorized Modification Vulnerability

Oracle MySQL is an open source relational database management system from Oracle Corporation, of which the MySQL Server component is a server component. A security vulnerability exists in the Server: DDL subcomponent of the MySQL Server component in Oracle MySQL. An attacker could exploit this...

4.3CVSS7.7AI score0.02132EPSS
Exploits0References1
CNVD
CNVD
added 2017/04/26 12:0 a.m.5 views

Oracle PeopleSoft Enterprise FIN Receivables Unauthorized Modification Vulnerability

Oracle PeopleSoft Products is a set of Oracle's enterprise human capital management solutions, which provides human capital management, financial management, supplier relationship management and other functions.PeopleSoft Enterprise FIN Receivables is one of the financial expense revenue manageme...

5.3CVSS6.6AI score0.01658EPSS
Exploits0References1
CVE
CVE
added 2017/04/13 4:0 p.m.50 views

CVE-2016-4032

CVE-2016-4032 concerns Samsung devices (Galaxy S6, Note 3, Galaxy S4 variants) where AT commands can be executed because the devices do not block AT+USBDEBUG and AT+WIFIVALUE when connected to a Linux host. The issue enables an attacker with AT access to modify Android settings on affected builds...

4.6CVSS4.7AI score0.00432EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2017/04/03 1:59 a.m.3 views

DEBIAN-CVE-2017-1001000

The registerroutes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows remote attackers to modify arbitrary pages via a request for wp-json/wp/v2/posts followed by a...

7.5CVSS7.1AI score0.81848EPSS
Exploits0References1
Prion
Prion
added 2017/02/01 10:59 p.m.20 views

Design/Logic Flaw

IBM UrbanCode Deploy could allow an authenticated user to modify Ucd objects due to multiple REST endpoints not properly authorizing users editing UCD objects. This could affect the behavior of legitimately triggered processes...

4CVSS6.6AI score0.0059EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2017/01/27 10:1 p.m.20 views

CVE-2016-5552

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with...

5.2AI score0.02729EPSS
Exploits0References19
Veracode
Veracode
added 2016/12/02 10:20 a.m.15 views

Unauthorised Modification Of Permission Scope

spring-security-oauth2 is vulnerable to unauthorised modification of scope. A malicious user can submit a scope parameter during token request, which will be accepted by the server. This allows the malicious user to gain a wider scope of permissions when they authenticate...

6.9AI score
Exploits0
Prion
Prion
added 2016/11/30 6:59 p.m.19 views

Design/Logic Flaw

IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses weak permissions for unspecified directories under the web root, which allows local users to modify data by writing to a file...

2.1CVSS6.6AI score0.00271EPSS
Exploits0References2Affected Software1
OpenVAS
OpenVAS
added 2016/09/12 12:0 a.m.14 views

phpIPAM <= 1.2.1 Multiple Vulnerabilities

phpIPAM is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpipam:phpipam"; ifdescription...

7.3AI score
Exploits0References2
Rows per page
Query Builder