oracle retail back office 14.0 vulnerabilities and exploits

(subscribe to this query)

Vulnerability in the Oracle Retail Back Office component of Oracle Retail Applications (subcomponent: Security). Supported versions that are affected are 13.2, 13.3, 13.4, 14.0 and 14.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP ...

Oracle Retail Back Office 13.4 Oracle Retail Back Office 14.1 Oracle Retail Back Office 14.0 Oracle Retail Back Office 13.3 Oracle Retail Back Office 13.2

OWASP AntiSamy prior to 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with &#00058 as the replacement for the : character.

Antisamy Project Antisamy Oracle Retail Back Office 14.1 Oracle Retail Back Office 14.0 Oracle Retail Returns Management 14.0 Oracle Retail Returns Management 14.1 Oracle Retail Central Office 14.0 Oracle Retail Central Office 14.1 Oracle Banking Platform 2.6.2 Oracle Banking Platform 2.7.0 Oracle Banking Platform 2.7.1 Oracle Insurance Policy Administration 11.3.0 Oracle Insurance Policy Administration 11.0.2 Oracle Banking Enterprise Default Management 2.12.0 Oracle Banking Enterprise Default Management 2.10.0 Oracle Banking Party Management 2.7.0 Oracle Banking Platform Oracle Banking Enterprise Default Managment Oracle Insurance Policy Administration 11.1.0 Oracle Insurance Policy Administration 11.3.1 Oracle Banking Enterprise Default Management 2.7.0 Oracle Banking Enterprise Default Management 2.7.1 Oracle Banking Enterprise Default Management 2.6.2

In Apache Batik 1.x prior to 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deser...

1 Article

Unspecified vulnerability in the Oracle Retail Back Office component in Oracle Retail Applications 12.0, 12.0IN, 13.0, 13.1, 13.2, 13.3, 13.4, 14.0, and 14.1 allows remote malicious users to affect integrity via unknown vectors.

Oracle Retail Applications 12.0in Oracle Retail Applications 13.0 Oracle Retail Applications 13.3 Oracle Retail Applications 13.4 Oracle Retail Applications 12.0 Oracle Retail Applications 14.0 Oracle Retail Applications 14.1 Oracle Retail Applications 13.1 Oracle Retail Applications 13.2

Spring Framework, versions 5.0 before 5.0.5 and versions 4.3 before 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to th...

Vmware Spring Framework Oracle Retail Xstore Point Of Service 7.1 Oracle Enterprise Manager Ops Center 12.2.2 Oracle Primavera Gateway 16.2 Oracle Primavera Gateway 15.2 Oracle Application Testing Suite 12.5.0.3 Oracle Retail Back Office 14.1 Oracle Retail Back Office 14.0 Oracle Enterprise Manager Ops Center 12.3.3 Oracle Retail Open Commerce Platform 6.0.1 Oracle Application Testing Suite 13.1.0.1 Oracle Application Testing Suite 13.2.0.1 Oracle Application Testing Suite 13.3.0.1 Oracle Communications Diameter Signaling Router Oracle Communications Performance Intelligence Center Oracle Communications Services Gatekeeper Oracle Health Sciences Information Manager 3.0 Oracle Healthcare Master Person Index 3.0 Oracle Healthcare Master Person Index 4.0 Oracle Insurance Calculation Engine 10.2 Oracle Insurance Rules Palette 10.0 Oracle Insurance Rules Palette 10.2

1 Github repository

When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant before 1.9.16 and 1.10.11 were aff...

When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats ...

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.

Pivotal Software Spring Security Vmware Spring Framework 5.0.5 Oracle Agile Plm 9.3.3 Oracle Agile Plm 9.3.4 Oracle Agile Plm 9.3.5 Oracle Agile Plm 9.3.6 Oracle Application Testing Suite 10.1 Oracle Application Testing Suite 12.5.0.3 Oracle Application Testing Suite 13.1.0.1 Oracle Application Testing Suite 13.2.0.1 Oracle Application Testing Suite 13.3.0.1 Oracle Big Data Discovery 1.6.0 Oracle Communications Converged Application Server Oracle Communications Diameter Signaling Router Oracle Communications Network Integrity Oracle Communications Performance Intelligence Center Oracle Communications Services Gatekeeper Oracle Endeca Information Discovery Integrator 3.1.0 Oracle Endeca Information Discovery Integrator 3.2.0 Oracle Enterprise Manager For Mysql Database 13.2 Oracle Enterprise Manager Ops Center 12.2.2 Oracle Enterprise Manager Ops Center 12.3.3

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory bac...

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an malicious user to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of th...

1 2 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook