CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
6701 CVE-2016-0552 2016-01-20 2017-09-09
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-0545, CVE-2016-0551, CVE-2016-0559, and CVE-2016-0560.
6702 CVE-2016-0551 2016-01-20 2017-09-09
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-0545, CVE-2016-0552, CVE-2016-0559, and CVE-2016-0560.
6703 CVE-2016-0550 2016-01-20 2017-09-09
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to CRM HTML Administration.
6704 CVE-2016-0549 2016-01-20 2017-09-09
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Common Components, a different vulnerability than CVE-2016-0511, CVE-2016-0547, and CVE-2016-0548.
6705 CVE-2016-0548 2016-01-20 2017-09-09
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Common Components, a different vulnerability than CVE-2016-0511, CVE-2016-0547, and CVE-2016-0549.
6706 CVE-2016-0547 2016-01-20 2017-09-09
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Common Components, a different vulnerability than CVE-2016-0511, CVE-2016-0548, and CVE-2016-0549.
6707 CVE-2016-0545 2016-01-20 2017-09-09
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-0551, CVE-2016-0552, CVE-2016-0559, and CVE-2016-0560.
6708 CVE-2016-0544 2016-01-20 2017-09-09
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Architecture.
6709 CVE-2016-0543 2016-01-20 2017-09-09
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Preview.
6710 CVE-2016-0537 2016-01-20 2017-09-09
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Human Resources component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Person.
6711 CVE-2016-0532 2016-01-20 2017-09-09
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security Assignments.
6712 CVE-2016-0530 2016-01-20 2017-09-09
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to User GUI, a different vulnerability than CVE-2016-0527, CVE-2016-0528, and CVE-2016-0529.
6713 CVE-2016-0529 2016-01-20 2017-09-09
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to User GUI, a different vulnerability than CVE-2016-0527, CVE-2016-0528, and CVE-2016-0530.
6714 CVE-2016-0528 2016-01-20 2017-09-09
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to User GUI, a different vulnerability than CVE-2016-0527, CVE-2016-0529, and CVE-2016-0530.
6715 CVE-2016-0527 2016-01-20 2017-09-09
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to User GUI, a different vulnerability than CVE-2016-0528, CVE-2016-0529, and CVE-2016-0530.
6716 CVE-2016-0525 2016-01-20 2017-09-09
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Universal Work Queue component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Work Provider Administration.
6717 CVE-2016-0524 2016-01-20 2017-09-09
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Universal Work Queue component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Work Provider Administration.
6718 CVE-2016-0518 2016-01-20 2017-09-09
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Human Resources component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to General utilities, a different vulnerability than CVE-2016-0517.
6719 CVE-2016-0517 2016-01-20 2017-09-09
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Human Resources component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to General utilities, a different vulnerability than CVE-2016-0518.
6720 CVE-2016-0516 2016-01-20 2017-09-09
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Quality component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to QA / Order Management Integration.
6721 CVE-2016-0515 2016-01-20 2017-09-09
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via vectors related to BIS Common Components, a different vulnerability than CVE-2016-0514.
6722 CVE-2016-0514 2016-01-20 2017-09-09
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via vectors related to BIS Common Components, a different vulnerability than CVE-2016-0515.
6723 CVE-2016-0512 2016-01-20 2017-09-09
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Human Resources component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Self Service - Common Modules.
6724 CVE-2016-0511 2016-01-20 2017-09-09
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Common Components, a different vulnerability than CVE-2016-0547, CVE-2016-0548, and CVE-2016-0549.
6725 CVE-2016-0510 2016-01-20 2017-09-09
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Business Views Catalog.
6726 CVE-2016-0505 2016-01-20 2018-10-30
6.8
None Remote Low Single system None None Complete
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Options.
6727 CVE-2016-0504 2016-01-20 2018-10-30
6.8
None Remote Low Single system None None Complete
Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0503.
6728 CVE-2016-0492 Dir. Trav. Bypass 2016-01-20 2016-12-22
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0488. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the isAllowedUrl function, which allows remote attackers to bypass authentication via directory traversal sequences following a URI entry that does not require authentication, as demonstrated by olt/Login.do/../../olt/UploadFileUpload.do.
6729 CVE-2016-0491 2016-01-20 2016-12-22
6.4
None Remote Low Not required None Partial Partial
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect integrity and availability via unknown vectors related to Load Testing for Web Apps. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that the UploadFileAction servlet allows remote authenticated users to upload and execute arbitrary files via an * (asterisk) character in the fileType parameter.
6730 CVE-2016-0490 Dir. Trav. 2016-01-20 2016-12-22
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0487. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the UploadServlet servlet, which allows remote attackers to upload and execute arbitrary files via directory traversal sequences in a filename header.
6731 CVE-2016-0489 Dir. Trav. 2016-01-20 2016-12-22
6.5
None Remote Low Single system Partial Partial Partial
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Test Manager for Web Apps. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the ActionServlet servlet, which allows remote authenticated users to upload and execute arbitrary files via directory traversal sequences in the tempfilename parameter in a ReportImage action.
6732 CVE-2016-0488 Dir. Trav. Bypass 2016-01-20 2016-12-22
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0492. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the isAllowedUrl function in the admin pages, which allows remote attackers to bypass authentication and gain administrator access via directory traversal sequences following a URI entry that does not require authentication.
6733 CVE-2016-0487 Dir. Trav. Bypass 2016-01-20 2016-12-22
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0490. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the process method in the ActionServlet servlet, which allows remote attackers to bypass authentication via directory traversal sequences following an unspecified URI string.
6734 CVE-2016-0442 2016-01-20 2016-12-07
6.5
None Remote Low Single system Partial Partial Partial
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.4 and 12.1.0.5 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Loader Service.
6735 CVE-2016-0441 2016-01-20 2016-06-08
6.8
None Remote High Single system Complete Complete Partial
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.1.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Embedded Server.
6736 CVE-2016-0425 2016-01-20 2018-02-19
6.0
None Remote Medium Single system Partial Partial Partial
Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Monitoring and Diagnostics.
6737 CVE-2016-0418 2016-01-20 2016-12-07
6.1
None Local Low Not required Partial Partial Complete
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2016-0414.
6738 CVE-2016-0415 2016-01-20 2016-12-07
6.8
None Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1, 12.1.0.4, and 12.1.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to UI Framework.
6739 CVE-2016-0396 77 Exec Code 2017-02-01 2017-02-07
6.8
None Remote Medium Not required Partial Partial Partial
IBM Tivoli Endpoint Manager could allow a user under special circumstances to inject commands that would be executed with unnecessary higher privileges than expected.
6740 CVE-2016-0386 352 CSRF 2016-07-02 2016-07-06
6.0
None Remote Medium Single system Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to hijack the authentication of administrators for requests that delete employees.
6741 CVE-2016-0363 20 Bypass 2016-06-03 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3009.
6742 CVE-2016-0354 434 2017-08-29 2017-09-06
6.0
None Remote Medium Single system Partial Partial Partial
IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user to upload a malicious file to a Sametime meeting room, that could be downloaded by unsuspecting users which could be executed with user privileges. IBM X-Force ID: 111893.
6743 CVE-2016-0348 352 XSS CSRF 2018-02-21 2018-03-09
6.0
None Remote Medium Single system Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3, 3.3.1, 3.3.2, and 3.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM X-Force ID: 111813.
6744 CVE-2016-0335 352 CSRF 2018-01-12 2018-01-29
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. IBM X-Force ID: 111736.
6745 CVE-2016-0326 77 Exec Code 2016-10-21 2016-11-28
6.5
None Remote Low Single system Partial Partial Partial
IBM Rational Quality Manager (RQM) and Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.x before 4.0.7 iFix11, 5.x before 5.0.2 iFix17, and 6.x before 6.0.1 ifix3 allow remote authenticated users to execute arbitrary OS commands via a crafted "HTML request."
6746 CVE-2016-0318 284 2016-11-25 2016-11-28
6.0
None Remote Medium Single system Partial Partial Partial
Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 does not destroy a Session ID upon a logout action, which allows remote attackers to obtain access by leveraging an unattended workstation.
6747 CVE-2016-0315 284 2016-07-07 2016-07-08
6.5
None Remote Low Single system Partial Partial Partial
The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 maintain session ID validity after a logout action, which allows remote authenticated users to hijack sessions by leveraging an unattended workstation.
6748 CVE-2016-0304 284 Exec Code Bypass 2016-06-28 2016-06-29
6.8
None Remote Medium Not required Partial Partial Partial
The Java Console in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, aka SPR KLYHA7MM3J. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-0920.
6749 CVE-2016-0301 119 Exec Code Overflow 2016-06-26 2016-07-28
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0278, and CVE-2016-0279.
6750 CVE-2016-0295 352 XSS CSRF 2018-02-28 2018-03-16
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the IBM BigFix Platform 9.0, 9.1, 9.2, and 9.5 before 9.5.2 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM X-Force ID: 111363.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.