1041 matches found
GHSA-8W26-6F25-CM9X Unsafe Deserialization in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource...
Exploit for Path Traversal in Grafana
grafanaExp Exploits using the CVE-2021-43798 vulnerability in...
CVE-2021-3980
creationtimestamp | type | source
---|---|---
2021-12-03 18:39:49+00:00 | seen | https://t.me/cibsecurity/33317...
Server side request forgery (ssrf)
Redash is a package for data visualization and sharing. In versions 10.0 and prior, the implementation of URL-loading data sources like JSON, CSV, or Excel is vulnerable to advanced methods of Server Side Request Forgery (SSRF). These vulnerabilities are only exploitable on installations where a...
PT-2021-23928 · Redash · Redash
Name of the Vulnerable Software and Affected Versions: Redash versions 10.0 and prior Description: Redash is a package for data visualization and sharing. The implementation of URL-loading data sources like JSON, CSV, or Excel in versions 10.0 and prior is vulnerable to advanced methods of Server...
GHSA-V585-23HC-C647 Unsafe Deserialization in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource...
CVE-2021-34684
Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as demonstrated by an api/repos/dashboards/editor URI...
CVE-2021-34684
Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as demonstrated by an api/repos/dashboards/editor URI...
Pentaho Business Analytics / Pentaho Business Server 9.1 Insufficient Access Control Vulnerability
Pentaho implements a series of web services using the SOAP protocol to allow scripting interaction with the backend server. While most of the interfaces correctly implement ACL, the Data Source Management Service located at /pentaho/webservices/datasourceMgmtService allows low-privilege...
Pentaho Business Analytics / Pentaho Business Server 9.1 Insufficient Access Control
Product: Pentaho Business Analytics / Pentaho Business Server Vendor / Manufacturer: Hitachi Vantara Affected Versions: = 9.1 Vulnerability Type: Insufficient Access Control of Data Source Management Service Solution Status: Fix Released on public GitHub repository Manufacturer Notification: 8th...
Hitachi Vantara Pentaho SQL Injection Vulnerability
Hitachi Vantara Pentaho is a service from Hitachi, Japan, for storing and managing data in big data environments. Hitachi Vantara Pentaho suffers from a SQL injection vulnerability that could allow an unauthenticated user to execute arbitrary SQL queries on a Pentaho data source to retrieve data...
GHSA-93G4-3PHC-G4XW SQL injection in Apache DolphinScheduler
In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. Only applicable to MySQL data source with internal login account password...
SQL injection in Apache DolphinScheduler
In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. Only applicable to MySQL data source with internal login account password...
SQL Injection
DolphinScheduler is vulnerable to SQL injection. The vulnerability exists due to a lack of sanitization of user input in the data source center, allowing authorized malicious users to inject and execute arbitrary SQL queries...
CVE-2021-27644
In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. Only applicable to MySQL data source with internal login account password...
CVE-2021-27644
In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. Only applicable to MySQL data source with internal login account password...
Sql injection
In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. Only applicable to MySQL data source with internal login account password...
CVE-2021-27644
CVE-2021-27644 affects Apache DolphinScheduler prior to 1.3.6. Authorized users can trigger SQL injection in the data source center when using a MySQL data source with internal login credentials, potentially exposing or altering data in the underlying database. The related records consistently de...
CVE-2021-22402
creationtimestamp | type | source
---|---|---
2021-10-28 16:23:35+00:00 | seen | https://t.me/cibsecurity/31381...
Form Detected
The scanner has detected the presence of a form during the crawling of the target web application. Details about the form are provided in the plugin output. No source data...