1047 matches found
CVE-2023-39515
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting XSS Vulnerability allows an authenticated user to poison data stored in the cacti's database. These data will be viewed by administrative cacti accounts an...
CVE-2023-39515 Stored Cross-site Scripting on data_debug.php datasource path view in Cacti
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting XSS Vulnerability allows an authenticated user to poison data stored in the cacti's database. These data will be viewed by administrative cacti accounts an...
CVE-2023-39515
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting XSS Vulnerability allows an authenticated user to poison data stored in the cacti's database. These data will be viewed by administrative cacti accounts an...
CVE-2023-39514
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting XSS Vulnerability which allows an authenticated user to poison data stored in the cacti's database. These data will be viewed by administrative cacti...
CVE-2023-39514 Stored Cross-site Scripting on graphs.php data template formated name view in Cacti
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting XSS Vulnerability which allows an authenticated user to poison data stored in the cacti's database. These data will be viewed by administrative cacti...
RESTEasy: creation of insecure temp files
In RESTEasy the insecure File.createTempFile is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user...
PT-2023-4941 · Cacti +1 · Cacti +1
Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.2.25 Description: The issue is a Stored Cross-Site-Scripting XSS vulnerability that allows an authenticated user to poison data stored in the Cacti database. This data will be viewed by administrative Cacti accounts...
Citrix Director Message: "Cannot Retrieve Data". Error: Data source cannot be found.
Delivery Controller error: The description for Event ID 5 from source Citrix Director Service cannot be found.Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. On...
CVE-2023-3855
creationtimestamp| type| source ---|---|--- 2023-07-24 07:25:46+00:00| seen| https://t.me/cibsecurity/67136...
The vulnerabilities of the FactoryTalk Policy Manager and FactoryTalk System Services software allow attackers to disclose protected information.
The vulnerabilities of the FactoryTalk Policy Manager and FactoryTalk System Services software are related to deficiencies in the data source verification mechanism. Exploitation of these vulnerabilities can allow attackers to disclose protected information...
grafanaplugin 命令注入漏洞
grafanaplugin is a TDengine data source plugin for grafana. A command injection vulnerability exists in grafanaplugin, which can be exploited by an attacker to execute arbitrary code...
Grafana -- Grafana DS proxy race condition
Grafana Labs reports: We have discovered a vulnerability with Grafana’s data source query endpoints that could end up crashing a Grafana instance. If you have public dashboards PD enabled, we are scoring this as a CVSS 7.5 High. If you have disabled PD, this vulnerability is still a risk, but...
Grafana 安全漏洞
Grafana is Grafana open source set of open source monitoring tools that provide a visual monitoring interface . The tool is mainly used to monitor and analyze Graphite, InfluxDB and Prometheus and so on. A security vulnerability exists in Grafana versions prior to 9.4.12, 9.5.3, and 9.5.3, which...
CVE-2023-33963 DataEase data source has deserialization vulnerability
DataEase is an open source data visualization and analysis tool. Prior to version 1.18.7, a deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The vulnerability has been fixed in v1.18.7. There are no known workarounds aside from...
Contributors will be unable to fund a project if UNISWAP token swapping is recommended over minting in JBXBuybackDelegate data source
Lines of code Vulnerability details Impact A core function of the juice-buyback contract, which is to maximise the project tokens received by the contributor, won't work whenever a swap from Uniswap V3 pool provides more tokens over minting because the transaction will revert. This can cause the...
CVE-2023-31847
In davinci 0.3.0-rc after logging in, the user can connect to the mysql malicious server by controlling the data source to read arbitrary files on the client side...
CVE-2023-31847
In davinci 0.3.0-rc after logging in, the user can connect to the mysql malicious server by controlling the data source to read arbitrary files on the client side...
Advanced Custom Fields Pro for WordPress 6.0.x < 6.1.6 Cross-Site Scripting
The WordPress Advanced Custom Fields Pro Plugin installed on the remote host is affected by a Cross-Site Scripting. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...
PT-2023-23487 · Oracle · Mysql Server
Name of the Vulnerable Software and Affected Versions: davinci version 0.3.0-rc Description: The issue allows a user to connect to a malicious MySQL server after logging in, by controlling the data source. This can lead to reading arbitrary files on the client side. Recommendations: For davinci...
CVE-2023-31847
Affects davinci 0.3.0-rc. After login, a user can connect to a malicious MySQL server by abusing data-source control to read arbitrary files on the client side. Impact: confidentiality high; exploitation not described in detail. No patch information is provided in the sources; a workflow-based wo...