[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

256148

 
 

909

 
 

199106

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 254383 Download | Alert*

The Eclipse Hono AMQP and MQTT protocol adapters do not check whether an authenticated gateway device is authorized to receive command & control messages when it has subscribed only to commands for a specific device. The missing check involves verifying that the command target device is configured giving permission for the gateway device to act on its behalf. This means an authenticated device of ...

In Eclipse Californium version 2.3.0 to 2.6.0, the certificate based (x509 and RPK) DTLS handshakes accidentally fails, because the DTLS server side sticks to a wrong internal state. That wrong internal state is set by a previous certificate based DTLS handshake failure with TLS parameter mismatch. The DTLS server side must be restarted to recover this. This allow clients to force a DoS.

In Eclipse Theia versions up to and including 1.2.0, the Markdown Preview (@theia/preview), can be exploited to execute arbitrary code.

In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process.

An exploitable SQL injection vulnerability exists in ���quickFile.jsp��� page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

An exploitable unatuhenticated command injection exists in the OpenClinic GA 5.173.3. Specially crafted web requests can cause commands to be executed on the server. An attacker can send a web request with parameters containing specific parameter to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and compromise underlying operating system.

An incorrect default permissions vulnerability exists in the installation functionality of OpenClinic GA 5.173.3. Overwriting the binary can result in privilege escalation. An attacker can replace a file to exploit this vulnerability.

A number of exploitable SQL injection vulnerabilities exists in ���patientslist.do��� page of OpenClinic GA 5.173.3 application. The findPersonID parameter in ������patientslist.do��� page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can res ...

A number of exploitable SQL injection vulnerabilities exists in ���patientslist.do��� page of OpenClinic GA 5.173.3 application. The findSector parameter in ������patientslist.do��� page is vulnerable to authenticated SQL injection An attacker can make an authenticated HTTP request to trigger this vulnerability.


Pages:      Start    12988    12989    12990    12991    12992    12993    12994    12995    12996    12997    12998    12999    13000    13001    ..   25438

© SecPod Technologies