Page 2 of 9 results (0.016 seconds)

CVSS: 1.9EPSS: 0%CPEs: 3EXPL: 0

Unspecified vulnerability in the Oracle Retail Point-of-Service component in Oracle Retail Applications 13.4, 14.0, and 14.1 allows local users to affect confidentiality via vectors related to Mobile POS, a different vulnerability than CVE-2016-0434, CVE-2016-0437, and CVE-2016-0438. Vulnerabilidad no especificada en el componente Oracle Retail Point-of-Service en Oracle Retail Applications 13.4, 14.0 y 14.1 permite a usuarios locales afectar a la confidencialidad a través de vectores relacionados con Mobile POS, una vulnerabilidad diferente a CVE-2016-0434, CVE-2016-0437 y CVE-2016-0438. • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html http://www.securitytracker.com/id/1034718 •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

Unspecified vulnerability in the Oracle Retail Central Office component in Oracle Retail Applications 13.1, 13.2, 13.3, 13.4, 14.0, and 14.1 allows remote attackers to affect integrity via unknown vectors. Vulnerabilidad no especificada en el componente Oracle Retail Central Office en Oracle Retail Applications 13.1, 13.2, 13.3, 13.4, 14.0, y 14.1 permite a atacantes remotos afectar la integridad a través de vectores desconocidos. • http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html http://www.securitytracker.com/id/1032128 •

CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0

Unspecified vulnerability in the Oracle Retail Back Office component in Oracle Retail Applications 12.0, 12.0IN, 13.0, 13.1, 13.2, 13.3, 13.4, 14.0, and 14.1 allows remote attackers to affect integrity via unknown vectors. Vulnerabilidad no especificada en el componente Oracle Retail Back Office en Oracle Retail Applications 12.0, 12.0IN, 13.0, 13.1, 13.2, 13.3, 13.4, 14.0, y 14.1 permite a atacantes remotos afectar la integridad a través de vectores desconocidos. • http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html http://www.securityfocus.com/bid/74093 http://www.securitytracker.com/id/1032128 •

CVSS: 7.5EPSS: 21%CPEs: 74EXPL: 2

MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions. MultipartStream.java en Apache Commons FileUpload anterior a 1.3.1, utilizado en Apache Tomcat, JBoss Web y otros productos, permite a atacantes remotos causar una denegación de servicio (bucle infinito y consumo de CPU) a través de una cabecera Content-Type manipulada que evade las condiciones de salida del bucle. A denial of service flaw was found in the way Apache Commons FileUpload, which is embedded in Tomcat and JBoss Web, handled small-sized buffers used by MultipartStream. A remote attacker could use this flaw to create a malformed Content-Type header for a multipart request, causing Tomcat to enter an infinite loop when processing such an incoming request. • https://www.exploit-db.com/exploits/31615 http://advisories.mageia.org/MGASA-2014-0110.html http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html http://jvn.jp/en/jp/JVN14876762/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2014-000017 http://mail-archives.apache.org/mod_mbox/commons-dev/201402.mbox/%3C52F373FC.9030907%40apache.org%3E http://marc.info/?l=bugtraq&m=143136844732487&w=2 http://packetstormsecurity.com/files/127215/VMware& • CWE-264: Permissions, Privileges, and Access Controls •