1047 matches found

Huntr, added 2021/12/26 1:09 p.m., 18 views

Data Source Name Injection

Description: TiDB Importer uses the Go MySQL Driver for connecting to MySQL servers. This driver uses Data Source Name (DSN) strings to describe database connections, with the following format: username:password@protocol(address)/dbname?param=value. The driver has a built-in protection against LOCAL...

CVSS 7.5, EPSS 0.00562
Exploits: 0, References: 1
Circl, added 2021/12/22 10:23 p.m., 3 views

CVE-2021-21904

creationtimestamp | type | source
---|---|---
2021-12-22 22:23:37+00:00 | seen | https://t.me/cibsecurity/34537...

CVSS 9.1, AI score 8.3, EPSS 0.02817
Exploits: 1, References: 1
Code423n4, added 2021/12/18 12:00 a.m., 5 views

SHOULD CHECK RETURN DATA FROM CHAINLINK AGGREGATORS

Handle: defsec. Vulnerability details. Impact: The latestRoundData function in the contract PriceFeed.sol fetches the asset price from a Chainlink aggregator using the latestRoundData function. However, there are no checks on roundID. Stale prices could put funds at risk. According to Chainlink's...

AI score 6.6
Exploits: 0
Veracode, added 2021/12/13 6:13 a.m., 19 views

Path Traversal

github.com/grafana/grafana is vulnerable to Path Traversal. An authenticated attacker can access files outside the expected directory through the arbitrary .csv files when the TestData DB data source is enabled and configured...

CVSS 4.3, AI score 5.6, EPSS 0.01773
Exploits: 0, References: 9, Affected Software: 2
Cvelist, added 2021/12/10 8:40 p.m., 29 views

CVE-2021-43815 Grafana directory traversal for `.csv` files

Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerabili...

CVSS 4.3, AI score 6, EPSS 0.01773
Exploits: 0, References: 7
CNNVD, added 2021/12/10 12:00 a.m., 3 views

Grafana path traversal vulnerability

Grafana is an open source monitoring tool from Grafana Labs that provides a visual monitoring interface. The tool is mainly used to monitor and analyze Graphite, InfluxDB and Prometheus, etc. A path traversal vulnerability exists in Grafana, which stems from the product's failure to effectively...

CVSS 4.3, AI score 7.4, EPSS 0.01773
Exploits: 0, References: 12
OSV, added 2021/12/09 7:16 p.m., 0 views

GHSA-8W26-6F25-CM9X Unsafe Deserialization in jackson-databind

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource...

CVSS 8.1, AI score 6.9, EPSS 0.05218
Exploits: 1, References: 13
GithubExploit, added 2021/12/07 3:11 p.m., 925 views

Exploit for Path Traversal in Grafana

grafanaExp Exploits using the CVE-2021-43798 vulnerability in...

CVSS 7.5, AI score 7.4, EPSS 0.88849
Exploits: 44
Circl, added 2021/12/03 6:39 p.m., 5 views

CVE-2021-3980

creationtimestamp | type | source
---|---|---
2021-12-03 18:39:49+00:00 | seen | https://t.me/cibsecurity/33317...

CVSS 7.5, AI score 5.8, EPSS 0.0159
Exploits: 1, References: 1
Prion, added 2021/11/24 4:15 p.m., 12 views

Server Side Request Forgery (SSRF)

Redash is a package for data visualization and sharing. In versions 10.0 and prior, the implementation of URL-loading data sources like JSON, CSV, or Excel is vulnerable to advanced methods of Server Side Request Forgery (SSRF). These vulnerabilities are only exploitable on installations where a...

CVSS 6, AI score 8.9, EPSS 0.01005
Exploits: 0, References: 2, Affected Software: 1
Positive Technologies, added 2021/11/23 12:00 a.m., 5 views

PT-2021-23928 · Redash · Redash

Name of the Vulnerable Software and Affected Versions: Redash versions 10.0 and prior Description: Redash is a package for data visualization and sharing. The implementation of URL-loading data sources like JSON, CSV, or Excel in versions 10.0 and prior is vulnerable to advanced methods of Server...

CVSS 8.8, AI score 9, EPSS 0.01005
Exploits: 0, References: 6
OSV, added 2021/11/19 8:13 p.m., 1 view

GHSA-V585-23HC-C647 Unsafe Deserialization in jackson-databind

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource...

CVSS 8.1, AI score 6.9, EPSS 0.05218
Exploits: 1, References: 13
NVD, added 2021/11/08 4:15 a.m., 31 views

CVE-2021-34684

Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as demonstrated by an api/repos/dashboards/editor URI...

CVSS 9.8, EPSS 0.05776
Exploits: 3, References: 2
Cvelist, added 2021/11/08 3:34 a.m., 43 views

CVE-2021-34684

Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as demonstrated by an api/repos/dashboards/editor URI...

CVSS 9.8, AI score 10, EPSS 0.05776
Exploits: 3, References: 2
0day.today, added 2021/11/07 12:00 a.m., 385 views

Pentaho Business Analytics / Pentaho Business Server 9.1 Insufficient Access Control Vulnerability

Pentaho implements a series of web services using the SOAP protocol to allow scripted interaction with the backend server. While most of the interfaces correctly implement ACLs, the Data Source Management Service located at /pentaho/webservices/datasourceMgmtService allows low-privilege...

CVSS 7.1, AI score 7.1, EPSS 0.01307
Exploits: 3
CNNVD, added 2021/11/05 12:00 a.m., 5 views

Hitachi Vantara Pentaho SQL injection vulnerability

Hitachi Vantara Pentaho is a service from Hitachi, Japan, for storing and managing data in big data environments. Hitachi Vantara Pentaho suffers from a SQL injection vulnerability that could allow an unauthenticated user to execute arbitrary SQL queries on a Pentaho data source to retrieve data...

CVSS 9.8, AI score 9.2, EPSS 0.05776
Exploits: 3, References: 4
Packet Storm, added 2021/11/05 12:00 a.m., 594 views

Pentaho Business Analytics / Pentaho Business Server 9.1 Insufficient Access Control

Product: Pentaho Business Analytics / Pentaho Business Server
Vendor / Manufacturer: Hitachi Vantara
Affected Versions: = 9.1
Vulnerability Type: Insufficient Access Control of Data Source Management Service
Solution Status: Fix Released on public GitHub repository
Manufacturer Notification: 8th...

AI score 7, EPSS 0.01307
Exploits: 3
Github Security Blog, added 2021/11/03 5:30 p.m., 32 views

SQL injection in Apache DolphinScheduler

In Apache DolphinScheduler versions before 1.3.6, authorized users can perform SQL injection in the data source center. Only applicable to a MySQL data source with an internal login account password...

CVSS 8.8, AI score 3.4, EPSS 0.01861
Exploits: 0, References: 5, Affected Software: 1
OSV, added 2021/11/03 5:30 p.m., 24 views

GHSA-93G4-3PHC-G4XW SQL injection in Apache DolphinScheduler

In Apache DolphinScheduler versions before 1.3.6, authorized users can perform SQL injection in the data source center. Only applicable to a MySQL data source with an internal login account password...

CVSS 8.8, AI score 8.9, EPSS 0.01861
Exploits: 0, References: 4
Veracode, added 2021/11/02 9:05 a.m., 21 views

SQL Injection

DolphinScheduler is vulnerable to SQL injection. The vulnerability exists due to lack of sanitization of user input in the data source center, allowing authorized malicious users to inject and execute arbitrary SQL queries...

CVSS 8.8, AI score 5.2, EPSS 0.01861
Exploits: 0, References: 4, Affected Software: 1