Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8.0.4, when running on Windows, allows remote attackers to reinstall the application or. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 18.6% and no vendor patch available.
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 14.1%.
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 22.1%.
Open redirect vulnerability in CMSPages/GetDocLink.ashx in Kentico CMS 8.2 through 8.2.41 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 12.7%.
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.4%.
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.
SQL injection vulnerability in Runtime/Runtime/AjaxCall.ashx in K2 blackpearl, smartforms, and K2 for SharePoint 4.6.7 allows remote attackers to execute arbitrary SQL commands via the xml parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2, when running on Windows, allows remote authenticated users to affect confidentiality,. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 12.7% and no vendor patch available.
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality, integrity, and availability via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.
Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality, integrity, and availability via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.
Unspecified vulnerability in the Portable Clusterware component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote attackers to affect confidentiality, integrity, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.
Unspecified vulnerability in (1) the Oracle Communications Diameter Signaling Router (DSR) component in Oracle Communications Applications 4.1.6 and earlier, 5.1.0 and earlier, 6.0.2 and earlier, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Unspecified vulnerability in the Integrated Lights Out Manager (ILOM) component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
The external SMB storage driver in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 allows remote authenticated users to execute arbitrary SMB commands via a ; (semicolon). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
icewind1991 SMB before 1.0.3 allows remote authenticated users to execute arbitrary SMB commands via shell metacharacters in the user argument in the (1) listShares function in Server.php or the (2). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.
Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Multiple cross-site scripting (XSS) vulnerabilities in Kentico CMS 8.2 allow remote attackers to inject arbitrary web script or HTML via a (1) parameter name to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Unspecified vulnerability in Oracle Java SE 8u60 and Java SE Embedded 8u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable.
The filename sanitization component in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 does not properly handle $_GET parameters cast by PHP to an array, which allows remote. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Unspecified vulnerability in the Oracle Utilities Work and Asset Management component in Oracle Industry Applications 1.9.1.1.2 allows remote attackers to affect confidentiality, integrity, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The escapeLike function in sqlsrv/database.inc in the Drupal 7 driver for SQL Server and SQL Azure 7.x-1.x before 7.x-1.4 does not properly escape certain characters, which allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.
Unspecified vulnerability in the Database Scheduler component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.
Unspecified vulnerability in the Oracle iSupplier Portal component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality, integrity, and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.
Unspecified vulnerability in the Oracle Payments component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality, integrity, and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Unspecified vulnerability in Oracle Java SE 7u85 and 8u60 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Rated medium severity (CVSS 6.9). No vendor patch available.
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Utility/Security. Rated medium severity (CVSS 6.6). No vendor patch available.
Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
Unspecified vulnerability in the XDB - XML Database component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Unspecified vulnerability in the Oracle Report Manager component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.
Unspecified vulnerability in the Oracle Retail Open Commerce Platform component in Oracle Retail Applications 3.0 allows remote attackers to affect confidentiality and integrity via unknown vectors. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect availability via vectors related to CORBA. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Unspecified vulnerability in Oracle Java SE 7u85 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Solaris Kernel Zones, a different. Rated medium severity (CVSS 6.2). No vendor patch available.
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via vectors related to Kernel Zones virtualized NIC driver. Rated medium severity (CVSS 6.2). No vendor patch available.
Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality, integrity, and availability via. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.4 and 12.1.0.5 allows remote attackers to affect confidentiality and. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect integrity via unknown vectors related to Security. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JAXP. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.
Unspecified vulnerability in Oracle Java SE 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via unknown vectors related to 2D. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.
Unspecified vulnerability in Oracle Java SE 6u101, 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JGSS. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to. Rated low severity (CVSS 1.5). Public exploit code available.
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to. Rated low severity (CVSS 1.5). Public exploit code available.