oracle financial services market risk measurement and management 8.0.6 vulnerabilities and exploits

(subscribe to this query)

Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.

Apache Struts Oracle Financial Services Market Risk Measurement And Management 8.0.6 Oracle Communications Policy Management 12.5.0 Oracle Financial Services Data Integration Hub 8.0.6 Oracle Financial Services Data Integration Hub 8.0.3 Oracle Mysql Enterprise Monitor

10 Github repositories1 Article

An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.

Apache Struts Oracle Communications Policy Management 12.5.0 Oracle Financial Services Data Integration Hub 8.0.3 Oracle Financial Services Data Integration Hub 8.0.6 Oracle Financial Services Market Risk Measurement And Management 8.0.6 Oracle Mysql Enterprise Monitor

1 Article

In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows remote code execution attacks that can be performed by injecting specially crafted...

Apache Synapse 3.0.0 Apache Synapse 2.1.0 Apache Synapse 2.0.0 Apache Synapse 1.2 Apache Synapse 1.1.2 Apache Synapse 1.1.1 Apache Synapse 1.0 Apache Synapse 1.1 Oracle Peoplesoft Enterprise Peopletools 8.56 Oracle Peoplesoft Enterprise Peopletools 8.57 Oracle Financial Services Market Risk Measurement And Management 8.0.6 Oracle Financial Services Market Risk Measurement And Management 8.0.8

2 Github repositories

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an malicious user to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Pro...

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1

Apache Log4j Oracle Flexcube Private Banking 12.1.0 Oracle Retail Integration Bus 14.1 Oracle Flexcube Private Banking 12.0.0 Oracle Flexcube Core Banking 5.2.0 Oracle Retail Integration Bus 15.0 Oracle Peoplesoft Enterprise Peopletools 8.56 Oracle Weblogic Server 10.3.6.0.0 Oracle Utilities Framework 4.2.0.3.0 Oracle Utilities Framework 4.2.0.2.0 Oracle Utilities Framework 2.2.0.0.0 Oracle Peoplesoft Enterprise Peopletools 8.57 Oracle Retail Integration Bus 16.0 Oracle Primavera Unifier 18.8 Oracle Retail Customer Management And Segmentation Foundation 16.0 Oracle Retail Customer Management And Segmentation Foundation 17.0 Oracle Retail Customer Management And Segmentation Foundation 18.0 Oracle Policy Automation Connector For Siebel 10.4.6 Oracle Data Integrator 12.2.1.3.0 Oracle Jd Edwards World Security A9.4 Oracle Financial Services Market Risk Measurement And Management 8.0.6 Oracle Utilities Framework 4.4.0.0.0

3 Github repositories1 Article

In jQuery versions greater than or equal to 1.2 and prior to 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuer...

12 Github repositories

jQuery prior to 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

97 Github repositories

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook