Vulnerability in the Oracle Security Service product of Oracle Fusion Middleware (component: None). The supported version that is affected is 11.1.1.9.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to...
Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Investor Module). Supported versions that are affected are 16.1.0.0-16.1.5.1, 18.0.0.0-18.0.2.0 and 19.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network...
Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 16.1.0.0-16.1.5.1, 18.0.0.0-18.0.2.0 and 19.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access...
Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 16.1.0.0-16.1.5.1, 18.0.0.0-18.0.2.0 and 19.0.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network...
Malicious operation of the crafted web browser cookie may cause a stack-based buffer overflow in the system web server on the EDR-G902 and EDR-G903 Series Routers (versions prior to 5.4). Date published : 2020-07-15...
IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access. Date published : 2020-07-15 https://github.com/networksecure/icewarp_insecure_permissions https://www.icewarp.com/download-premise/server/
IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space. Date published : 2020-07-15 https://github.com/networksecure/icewarp_unlimited_file_upload https://www.icewarp.com/download-premise/server/
IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts. Date published : 2020-07-15 https://github.com/networksecure/Icewarp_incorrect_access_control https://www.icewarp.com/download-premise/server/
IDOR vulnerability in the order processing feature from ecommerce component of Apache OFBiz before 17.12.04 Date published : 2020-07-15 https://s.apache.org/chokl https://lists.apache.org/thread.html/r2e669797c1ea08562253239d2dc4192d951945e0c36cb0754f5394a6@%3Cannounce.apache.org%3E
Harbor prior to 2.0.1 allows SSRF with this limitation: an attacker with the ability to edit projects can scan ports of hosts accessible on the Harbor server’s intranet. Date published : 2020-07-15 https://www.soluble.ai/blog/harbor-ssrf-cve-2020-13788 https://github.com/goharbor/harbor/releases
A remote code execution vulnerability was identified in SecZetta NEProfile 3.3.11. Authenticated remote adversaries can invoke code execution upon uploading a carefully crafted JPEG file as part of the profile avatar. Date published :...
XXE injection can occur in i-net Clear Reports 2019 19.0.287 (Designer), as used in i-net HelpDesk and other products, when XML input containing a reference to an external entity is processed by a weakly...
LibreHealth EMR v2.0.0 is affected by a Local File Inclusion issue allowing arbitrary PHP to be included and executed within the EMR application. Date published : 2020-07-15 https://know.bishopfox.com/advisories https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0
LibreHealth EMR v2.0.0 is affected by systemic CSRF. Date published : 2020-07-15 https://know.bishopfox.com/advisories https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0