SRC-2022-0008 : VMware Workspace ONE Access ApplicationSetupController dbTestConnection JDBC Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware Workspace ONE Access. Authentication is required to exploit this vulnerability. The specific flaw exists within the ApplicationSetupController class. The issue results from...
Jenkins Plugin Cross-Site Request Forgery Vulnerability
Jenkins plug-ins are plug-ins that provide appropriate functionality for Jenkins. Jenkins dbCharts Plugin cross-site request forgery vulnerability. The vulnerability allows an attacker to connect to a specified database via JDBC using specified credentials and determine whether a class is availab...
Information Disclosure
apache-superset is vulnerable to information disclosure. The vulnerability exists due to a lack of sanitization of the password output during database connection, allowing an attacker to access the password via the database...
UBUNTU-CVE-2022-23221
H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNOREUNKNOWNSETTINGS=TRUE;FORBIDCREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392...
ZOHO ManageEngine Remote Access Plus Information Disclosure Vulnerability
ZOHO ManageEngine Remote Access Plus is a remote access solution from ZOHO, Inc. An information disclosure vulnerability exists in ZOHO ManageEngine Remote Access Plus Server prior to version 10.1.2132.6, which stems from improper privilege management; the process will start as a...
CVE-2021-42956
Zoho Remote Access Plus Server Windows Desktop Binary fixed in 10.1.2132.6 is affected by a sensitive information disclosure vulnerability. Due to improper privilege management, the process launches as the logged-in user, so a memory dump can also be performed by a non-admin user. Remotely, an attacker can dum...
Apache Superset has an unspecified vulnerability
Apache Superset is a data visualization and data exploration platform from the Apache Foundation. Apache Superset 1.3.1 and earlier versions contain a security vulnerability that could allow an attacker to access the password of an authenticated user's database connection...
Information Disclosure
apache-superset is vulnerable to information disclosure. The vulnerability exists due to the insufficiently protected credentials for database connection, allowing an authenticated attacker to access sensitive information...
CVE-2021-41972
CVE-2021-41972 affects Apache Superset up to and including 1.3.1, where database connection passwords could be leaked to authenticated users in a non-trivial way. Connected documents corroborate a credentials leakage issue; however, the provided sources do not specify exploit vectors, affected su...
CVE-2021-31601
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user regardless of privileges can list all...
CVE-2021-38475
The database connection to the server is performed by calling a specific API, which could allow an unprivileged user to gain SYSDBA permissions...
Code injection
The database connection to the server is performed by calling a specific API, which could allow an unprivileged user to gain SYSDBA permissions...
CVE-2021-38475
CVE-2021-38475 affects AUVESY Versiondog. The vulnerability arises from a database connection to the server via a specific API, potentially allowing an unprivileged user to gain SYSDBA permissions. NVD lists CVSSv3 base score 7.3 (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N). CISA/ICS references describe...
CVE-2021-38475 AUVESY Versiondog
The database connection to the server is performed by calling a specific API, which could allow an unprivileged user to gain SYSDBA permissions...
CVE-2021-41395
Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to control a database connection string, in some situations, via a crafted database name or username...
CVE-2021-41395
Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to control a database connection string, in some situations, via a crafted database name or username...
Design/Logic Flaw
Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to control a database connection string, in some situations, via a crafted database name or username...
CVE-2021-41395
Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to control a database connection string, in some situations, via a crafted database name or username...
Teleport Security Vulnerability
Teleport is an identity-aware, multi-protocol access agent from Teleport USA, Inc. Used by engineers and security professionals to unify access to SSH servers, Kubernetes clusters, web applications and databases across all environments. Teleport suffers from a security vulnerability that could be...
CVE-2020-23284
Information disclosure in aspx pages in MV's IDCE application v1.0 allows an attacker to copy and paste aspx pages in the end of the URL application that connect into the database which reveals internal and sensitive information without logging into the web application...