Search Results | AttackerKB

Show filters

Topics 24 Users 9,711

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

24 Total Results

Displaying 1-10 of 24

Attacker Value

Unknown

CVE-2020-10683

Disclosure Date: May 01, 2020 (last updated February 21, 2025)

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2019-10219

Disclosure Date: November 08, 2019 (last updated November 08, 2023)

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2015-2645

Disclosure Date: July 16, 2015 (last updated October 05, 2023)

Unspecified vulnerability in the Oracle Web Applications Desktop Integrator component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote authenticated users to affect integrity via unknown vectors.

0

Attacker Value

Unknown

CVE-2015-2652

Disclosure Date: July 16, 2015 (last updated October 05, 2023)

Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via unknown vectors related to Web Management.

0

Attacker Value

Unknown

CVE-2015-4739

Disclosure Date: July 16, 2015 (last updated October 05, 2023)

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote authenticated users to affect integrity via unknown vectors related to Help screens.

0

Attacker Value

Unknown

CVE-2015-2618

Disclosure Date: July 16, 2015 (last updated October 05, 2023)

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote authenticated users to affect integrity via unknown vectors related to Input validation.

0

Attacker Value

Unknown

CVE-2015-2630

Disclosure Date: July 16, 2015 (last updated October 05, 2023)

Unspecified vulnerability in the Technology stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Applet startup.

0

Attacker Value

Unknown

CVE-2014-2948

Disclosure Date: May 22, 2014 (last updated October 05, 2023)

SQL injection vulnerability in workflowenginesoa.asmx in Bizagi BPM Suite through 10.4 allows remote authenticated users to execute arbitrary SQL commands via a crafted SOAP request.

0

Attacker Value

Unknown

CVE-2008-3993

Disclosure Date: October 14, 2008 (last updated October 04, 2023)

Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2 and 12.0.4 allows remote authenticated users to affect integrity via unknown vectors.

0

Attacker Value

Unknown

CVE-2008-3988

Disclosure Date: October 14, 2008 (last updated October 04, 2023)

Unspecified vulnerability in the iSupplier Portal component in Oracle E-Business Suite 11.5.10.2 and 12.0.4 allows remote attackers to affect confidentiality via unknown vectors.

0