Index
Bugtraq
Pełna lista
Błędy
Sztuczki
Exploity
Dorks list
Tylko z CVE
Tylko z CWE
Bogus
Ranking
CVEMAP
Świeża lista CVE
Producenci
Produkty
Słownik CWE
Sprawdź nr. CVE
Sprawdź nr. CWE
Szukaj
W Bugtraq
W bazie CVE
Po autorze
Po nr. CVE
Po nr. CWE
Po producencie
Po produkcie
RSS
Bugtraq
CVEMAP
CVE Produkty
Tylko Błędy
Tylko Exploity
Tylko Dorks
Więcej
cIFrex
Facebook
Twitter
Donate
O bazie
Lang
Polish
English
Submit
Podatności dla
'Communications unified inventory management'
2018-06-25
CVE-2018-11040
CWE-829
Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests.
2018-05-11
CVE-2018-1257
CWE-20
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.
2018-01-17
CVE-2018-2571
CWE-noinfo
Vulnerability in the Oracle Communications Unified Inventory Management component of Oracle Communications Applications (subcomponent: Portal). Supported versions that are affected are 7.2.4.2.x and 7.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Unified Inventory Management accessible data as well as unauthorized read access to a subset of Oracle Communications Unified Inventory Management accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).
CVE-2018-2570
CWE-noinfo
Vulnerability in the Oracle Communications Unified Inventory Management component of Oracle Communications Applications (subcomponent: Portal). Supported versions that are affected are 7.2.4.2.x and 7.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Unified Inventory Management accessible data as well as unauthorized read access to a subset of Oracle Communications Unified Inventory Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Unified Inventory Management. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).
>>>
Vendor:
Oracle
744
Produkty
Linux
Solaris
Sunos
Http server
Communications server
JAVA
Oracle8i
Java virtual machine
Database server
Mysql
Database assistant
Web listener
Application server
Iplanet web server
Weblogic server
Listener
Internet directory
JDK
Oracle9i
E-business suite
JSP
Application server web cache
JRE
Tuxedo
SDK
Corporate time outlook connector
Reports
Peopletools
Configurator
Database
Applications
Oracle files
Application server portal
Java system application server
Collaboration suite
Enterprise manager
Enterprise manager database control
Enterprise manager grid control
Oracle10g
Database server lite
Secure global desktop
10g reports server
Forms
Weblogic portal
Jdeveloper
Forms builder
Html db
Clinical
10g enterprise manager database control
Enterprise manager application server control
Peoplesoft enterprise
Enterpriseone
Peoplesoft enterprise customer relationship management
Application server discussion forum portlet
Isupport
Peoplesoft enterprise portal
Oracle client
10g enterprise manager grid control
Developer suite
Workflow
Diagnostics
Enterpriseone tools
Oneworld tools
Collaboration suite 10g release 1
Peoplesoft enterprise tools
Pharmaceutical
Exchange
Identity manager
APEX
Portal
Jrockit
Access manager
Java dynamic management kit
Weblogic workshop
Rapid install web server
Peoplesoft enterprise human capital management
Peoplesoft enterprise peopletools
Secure enterprise search
Jinitiator
Opensolaris
Enterprise grid console server
Opmn daemon
Mysql server
Business process management suite
Application server 9i
Applications manager
Application express
Database 9i
Application server 10g
Database 10g
Database 11g
E-business suite 11i
E-business suite 12
Peoplesoft hcm eperformance
Siebel enterprise
Bea product suite
Webloic server component
Weblogic server component
Oracle portal component
Report manager component
Zobacz wszystkie produkty dla producenta
Oracle
Copyright
2024
, cxsecurity.com
Back to Top