1041 matches found
Authentication flaw
Due to a missing authentication check, SAP Business Objects Business Intelligence Platform Web Intelligence - versions 420, 430, allows an authenticated non-administrator attacker to modify the data source information for a document that is otherwise restricted. On successful exploitation, the...
CVE-2022-41263
Due to a missing authentication check, SAP Business Objects Business Intelligence Platform Web Intelligence - versions 420, 430, allows an authenticated non-administrator attacker to modify the data source information for a document that is otherwise restricted. On successful exploitation, the...
CVE-2022-4311
An insertion of sensitive information into log file vulnerability exists in PcVue versions 15 through 15.2.2. This could allow a user with access to the log files to discover connection strings of data sources configured for the DbConnect, which could include credentials. Successful exploitation ...
CVE-2022-3641
Elevation of privilege in the Azure SQL Data Source in Devolutions Remote Desktop Manager 2022.3.13 to 2022.3.24 allows an authenticated user to spoof a privileged account...
Privilege escalation
Elevation of privilege in the Azure SQL Data Source in Devolutions Remote Desktop Manager 2022.3.13 to 2022.3.24 allows an authenticated user to spoof a privileged account...
SAP Business Objects Business Intelligence Platform 跨站请求伪造漏洞
SAP Business Objects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from SAP, Germany. The product features report generation, analytics, and data visualization. A cross-site request forgery vulnerability exists in SAP Business...
ARC Informatique PcVue 日志信息泄露漏洞
ARC Informatique PcVue is a multifunctional HMI-SCADA software from ARC Informatique, France, an all-in-one solution that monitors all aspects of a customer's assets.PcVue is used in a wide range of applications such as industrial control, building management, energy management, smart grids, ener...
PT-2022-25775 · Sap · Sap Businessobjects Business Intelligence Platform
Name of the Vulnerable Software and Affected Versions: SAP Business Objects Business Intelligence Platform Web Intelligence versions 420, 430 Description: The issue is caused by a missing authentication check, allowing an authenticated non-administrator attacker to modify the data source...
CVE-2022-3641
Elevation of privilege in the Azure SQL Data Source in Devolutions Remote Desktop Manager 2022.3.13 to 2022.3.24 allows an authenticated user to spoof a privileged account...
PT-2022-23355 · Devolutions +1 · Devolutions Remote Desktop Manager +1
Name of the Vulnerable Software and Affected Versions: Devolutions Remote Desktop Manager versions 2022.3.13 through 2022.3.24 Description: The issue allows an authenticated user to spoof a privileged account due to elevation of privilege in the Azure SQL Data Source. Recommendations: For version...
net-mgmt/cacti is vulnerable to remote command injection
cacti team reports: A command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device...
CVE-2022-45442
creationtimestamp| type| source ---|---|--- 2022-11-29 00:28:30+00:00| seen| https://t.me/cibsecurity/53614 2025-03-04 05:49:27+00:00| seen| https://gist.github.com/saburi-pp/237b36513b29209ae31133136478b20e 2025-04-22 16:03:22+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/12881...
grafana: XSS vulnerability in data source handling
A Cross-site scripting XSS vulnerability was found in the way Grafana handles data sources. This flaw allows an attacker to serve HTML content through the Grafana data source or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site scripting...
FreeBSD : Grafana -- Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins (6877e164-6296-11ed-9ca2-6c3be5272acd)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6877e164-6296-11ed-9ca2-6c3be5272acd advisory. - Grafana is an open source observability and data visualization platform. Starting with version...
grafana: XSS vulnerability in data source handling
A Cross-site scripting XSS vulnerability was found in the way Grafana handles data sources. This flaw allows an attacker to serve HTML content through the Grafana data source or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site scripting...
Arbitrary Code Execution
github.com/pingcap/tidb is vulnerable to arbitrary code execution. The vulnerability exists because the data source name string in the database connection is not properly neutralized which allows an attacker to inject malicious code and get read access to files in the system...
TiDB vulnerable to Use of Externally-Controlled Format String
TiDB server importer CLI tool prior to version 6.4.0 & 6.1.3 is vulnerable to data source name injection. The database name for generating and inserting data into a database does not properly sanitize user input which can lead to arbitrary file reads."...
GHSA-7FXJ-FR3V-R9GJ TiDB vulnerable to Use of Externally-Controlled Format String
TiDB server importer CLI tool prior to version 6.4.0 & 6.1.3 is vulnerable to data source name injection. The database name for generating and inserting data into a database does not properly sanitize user input which can lead to arbitrary file reads."...
PT-2022-20025 · Tidb · Tidb
Name of the Vulnerable Software and Affected Versions: TiDB versions prior to 6.4.0 TiDB versions prior to 6.1.3 Description: The issue concerns the use of an externally-controlled format string and data source name injection in the TiDB server. Specifically, the database name for generating and...
Devolutions Remote Desktop Manager 安全漏洞
Devolutions Remote Desktop Manager is an application from Devolutions Canada. It provides remote desktop management functionality. A security vulnerability exists in Devolutions Remote Desktop Manager version 2022.3.7 and prior versions, which can be exploited by an attacker to gain unauthorized...