330 matches found
CVE-2022-43718
Upload data forms do not correctly render user input leading to possible XSS attack vectors that can be performed by authenticated users with database connection update permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...
CVE-2022-43718 Apache Superset: Cross-Site Scripting vulnerability on upload forms
Upload data forms do not correctly render user input leading to possible XSS attack vectors that can be performed by authenticated users with database connection update permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...
CVE-2022-43718
CVE-2022-43718 affects Apache Superset up to version 1.5.2 and version 2.0.0. The issue is a Cross‑Site Scripting (XSS) vulnerability caused by upload data forms not correctly rendering user input, exploitable by authenticated users with database connection update permissions. The connected docum...
CVE-2022-3187
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where certain PHP pages only validate when a valid connection is established with the database. However, these PHP pages do not verify the validity of a user. Attackers could leverage this lack of verification to read...
PT-2022-20963 · Dataprobe · Dataprobe Iboot Pdu
Name of the Vulnerable Software and Affected Versions: Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 Description: The issue arises from certain PHP pages only validating when a valid connection is established with the database, but not verifying the validity of a user. This lack of...
CVE-2022-35198
Contract Management System v2.0 contains a weak default password which allows attackers to access database connection information...
Contract Management System authorization issue vulnerability
Contract Management System is a contract management system. It enables companies to create new contracts and track the status of existing contracts to ensure that employees, vendors, and customers meet defined requirements. A security vulnerability exists in Contract Management System version v2....
GHSA-42Q4-9XF9-F67X Apache Superset allowed for database connections password leak for authenticated users
Apache Superset up to and including 1.3.1 allowed for database connections password leak for authenticated users. This information could be accessed in a non-trivial way...
Magento SQL injection vulnerability
A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with store manipulation privileges can execute arbitrary SQL queries by getting access to the database connection through group instance in email templates...
The vulnerability of the gfix utility in the “Red Database” database management system allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the gfix utility in the “Red Database” database management system is related to deficiencies in password masking during user login when the -f command is used as an argument passed to the utility. Exploiting this vulnerability can allow an attacker, operating remotely, to gai...
The vulnerability of the VMware Workspace ONE Access application management platform, the VMware vRealize Automation virtual infrastructure management tool, the VMware Identity Manager (vIDM) administration consoles, the VMware Cloud Foundation virtualization platform, and the vRealize Suite Lifecycle Manager software for application lifecycle management, is related to deficiencies in the deserialization mechanism, allowing an attacker to execute arbitrary code.
The vulnerabilities of the VMware Workspace ONE Access application management platform, the VMware vRealize Automation virtual infrastructure management tool, the VMware Identity Manager vIDM administration consoles, the VMware Cloud Foundation virtualization platform, and the vRealize Suite...
Arbitrary File Disclosure Via Password Leakage
vrana/adminer is vulnerable to arbitrary file disclosure. The vulnerability exists because the user credential requests when connecting to the database are not properly validated which allows an attacker to send requests to establish a database connection and arbitrarily read files on the server...
PT-2022-11760 · Adminer · Adminer
Name of the Vulnerable Software and Affected Versions: Adminer versions 1.12.0 through 4.6.2 Description: The issue allows an attacker to achieve arbitrary file read on a remote server by requesting Adminer to connect to a remote MySQL database, due to improper access control. Recommendations: Fo...