
35 matches found

CVE
added 2024/06/18 12:5 p.m. | 300 views

CVE-2024-5967

CVE-2024-5967 affects Red Hat’s Keycloak/SO deployments (e.g., Red Hat Single Sign-On 7.6.x and 22.0.x). The admin console allows changing the LDAP Connection URL without re-entering credentials, enabling an admin with manage-realm to redirect LDAP host to an attacker-controlled server and leak t...

CVSS 2.7 | AI score 5 | EPSS 0.00649
Exploits 0 | References 9
Veracode
added 2023/08/31 6:49 a.m. | 15 views

Remote Code Execution

Apache Airflow Sqoop Provider is vulnerable to Remote Code Execution (RCE). The vulnerability is caused by not validating/sanitizing the connection URL used to import data from an RDBMS, e.g., MySQL or Oracle, into the Hadoop Distributed File System (HDFS). The attacker can execute malicious commands by...

CVSS 8.8 | AI score 7.8 | EPSS 0.01206
Exploits 0 | References 4 | Affected Software 1
Veracode
added 2023/08/22 3:43 a.m. | 21 views

Insufficient URL Validation

org.apache.nifi:nifi-dbcp-base is vulnerable to Insufficient URL Validation. The vulnerability allows an authenticated attacker with relevant privileges to bypass connection URL validation using custom input formatting, which leads to unauthorized access to data or other resources...

CVSS 6.5 | AI score 6.8 | EPSS 0.01523
Exploits 0 | References 7 | Affected Software 4
OSV
added 2023/08/19 12:30 a.m. | 0 views

GHSA-23QF-3JF9-H3Q9 Apache NiFi Insufficient Property Validation vulnerability

Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Controller Services with connection URL validation that does not provide sufficient protection against crafted inputs. An authenticated and authorized user can bypass connection URL validation using custo...

CVSS 6.5 | AI score 6.6 | EPSS 0.01523
Exploits 0 | References 8
GitHub Security Blog
added 2023/08/19 12:30 a.m. | 40 views

Apache NiFi Insufficient Property Validation vulnerability

Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Controller Services with connection URL validation that does not provide sufficient protection against crafted inputs. An authenticated and authorized user can bypass connection URL validation using custo...

CVSS 6.5 | AI score 6.3 | EPSS 0.01523
Exploits 0 | References 8 | Affected Software 4
NVD
added 2023/08/18 10:15 p.m. | 27 views

CVE-2023-40037

Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Controller Services with connection URL validation that does not provide sufficient protection against crafted inputs. An authenticated and authorized user can bypass connection URL validation using custo...

CVSS 6.5 | AI score 6.4 | EPSS 0.01523
Exploits 0 | References 3
Prion
added 2023/08/18 10:15 p.m. | 24 views

Design/Logic Flaw

Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Controller Services with connection URL validation that does not provide sufficient protection against crafted inputs. An authenticated and authorized user can bypass connection URL validation using custo...

CVSS 4 | AI score 6.4 | EPSS 0.01523
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2023/08/18 9:54 p.m. | 28 views

CVE-2023-40037 Apache NiFi: Incomplete Validation of JDBC and JNDI Connection URLs

Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Controller Services with connection URL validation that does not provide sufficient protection against crafted inputs. An authenticated and authorized user can bypass connection URL validation using custo...

AI score 6.6 | EPSS 0.01523
Exploits 0 | References 3
GitHub Security Blog
added 2023/06/29 12:30 p.m. | 15 views

Apache Airflow JDBC Provider Improper Input Validation vulnerability

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow JDBC Provider. Airflow JDBC Provider Connection’s Connection URL parameters had no restrictions, which made it possible to implement RCE attacks via different type JDBC drivers, obtain airflow server permission...

CVSS 8.8 | AI score 6.8 | EPSS 0.01529
Exploits 0 | References 3 | Affected Software 1
Vulnrichment
added 2023/06/29 9:41 a.m. | 15 views

CVE-2023-22886 Apache Airflow JDBC Provider: RCE Vulnerability

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow JDBC Provider. Airflow JDBC Provider Connection’s Connection URL parameters had no restrictions, which made it possible to implement RCE attacks via different type JDBC drivers, obtain airflow server permission...

AI score 8.7 | EPSS 0.01529
Exploits 0 | References 1
Cvelist
added 2023/06/29 9:41 a.m. | 30 views

CVE-2023-22886 Apache Airflow JDBC Provider: RCE Vulnerability

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow JDBC Provider. Airflow JDBC Provider Connection’s Connection URL parameters had no restrictions, which made it possible to implement RCE attacks via different type JDBC drivers, obtain airflow server permission...

AI score 8.9 | EPSS 0.01529
Exploits 0 | References 1
Kitploit
added 2021/05/18 9:30 p.m. | 67 views

Msldap - LDAP Library For Auditing MS AD

msldap: LDAP library for MS AD. Documentation: Awesome documentation here! Features: Comes with a built-in console LDAP client. All parameters can be controlled via a convenient URL (see below). Supports integrated Windows authentication (SSPI) both with NTLM and with KERBEROS. Supports channel binding for...

AI score 7.2
Exploits 0 | References 1
OSV
added 2021/04/05 7:15 p.m. | 3 views

CVE-2021-24164

In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wp_ajax_nf_oauth, and retrieve the connection URL needed to establish a connection. They could also retrieve the client_id for an already established OAuth connecti...

CVSS 4.3 | AI score 5.8 | EPSS 0.00889
Exploits 2 | References 2
NVD
added 2021/04/05 7:15 p.m. | 13 views

CVE-2021-24164

In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wp_ajax_nf_oauth, and retrieve the connection URL needed to establish a connection. They could also retrieve the client_id for an already established OAuth connecti...

CVSS 4.3 | EPSS 0.00889
Exploits 2 | References 2
CNNVD
added 2021/04/05 12:0 a.m. | 6 views

WordPress Ninja Forms Contact Form Information Disclosure Vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An information disclosure vulnerability exists in the Ninja Forms Contact Form WordPress plugin befo...

CVSS 4.3 | AI score 5.1 | EPSS 0.00889
Exploits 2 | References 3