PT-2023-19245 · Solarwinds · Database Performance Analyzer

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: A directory traversal and file enumeration issue allows users to enumerate different folders of the server. Recommendations: At the moment, there is no information about a newer version...

CVE-2023-23837 No Exception Handling Vulnerability: Database Performance Analyzer (DPA) 2023.1

No exception handling vulnerability which revealed sensitive or excessive information to users...

CVE-2023-23837 No Exception Handling Vulnerability: Database Performance Analyzer (DPA) 2023.1

No exception handling vulnerability which revealed sensitive or excessive information to users...

Vulnerabilities fixed in SolarWinds Database Performance Analyzer

SolarWinds has fixed vulnerabilities in Database Performance Analyzer DPA. An authenticated malicious party can exploit the exploit the vulnerabilities to gain access to sensitive data or perform a cross-site scripting attack. SolarWinds has released updates to address the vulnerabilities fixes i...

CVE-2022-38110

In Database Performance Analyzer DPA 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting...

Cross site scripting

In Database Performance Analyzer DPA 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting...

Database Performance Analyzer 跨站脚本漏洞

SolarWinds Database Performance Analyzer Dpa is a database performance analyzer from SolarWinds, Inc. It is used to monitor, diagnose, and resolve performance issues with many types of database instances. A cross-site scripting vulnerability exists in Database Performance Analyzer DPA version...

CVE-2022-38110 Reflected Cross-Site Scripting Vulnerability

In Database Performance Analyzer DPA 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting...

CVE-2022-38110

SolarWinds Database Performance Analyzer (DPA) versions 2022.4 and older are vulnerable to authenticated reflected cross‑site scripting via certain URL vectors. The root cause is exposure of URL handling that can reflect input back to authenticated users, enabling XSS within affected sessions. Af...

CVE-2022-38110 Reflected Cross-Site Scripting Vulnerability

In Database Performance Analyzer DPA 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting...

PT-2023-13592 · Unknown · Database Performance Analyzer

Name of the Vulnerable Software and Affected Versions: Database Performance Analyzer DPA versions 2022.4 and older Description: The issue concerns authenticated reflected cross-site scripting, where certain URL vectors are susceptible to this type of attack. Recommendations: For versions 2022.4 a...

Database Performance Analyzer 安全漏洞

SolarWinds Database Performance Analyzer Dpa is a database performance analyzer from SolarWinds, Inc. It is used to monitor, diagnose, and resolve performance issues with many types of database instances. A security vulnerability exists in Database Performance Analyzer DPA version 2022.4 and...

Unspecified Vulnerability in XWiki Platform

XWik Platform is a suite of Wiki platforms for creating Web collaboration applications from the French company XWiki. A security error vulnerability exists in XWiki Platform. An attacker exploited the vulnerability to cause a degradation in database performance...

CVE-2022-41932

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to make XWiki create many new schemas and fill them with tables just by using a crafted user identifier in the login form. This may lead to degraded database performance. The...

Design/Logic Flaw

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to make XWiki create many new schemas and fill them with tables just by using a crafted user identifier in the login form. This may lead to degraded database performance. The...

CVE-2022-41932 Creation of new database tables through login form on PostgreSQL

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to make XWiki create many new schemas and fill them with tables just by using a crafted user identifier in the login form. This may lead to degraded database performance. The...

XWiki Platform 资源管理错误漏洞

XWik Platform is a suite of Wiki platforms for creating Web collaboration applications from the French company XWiki. A security error vulnerability exists in XWiki Platform. An attacker exploited the vulnerability to cause a degradation in database performance...

PT-2022-26163 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 13.10.8 XWiki Platform versions prior to 14.4.2 XWiki Platform versions prior to 14.6RC1 Description: The issue allows an attacker to create many new schemas and fill them with tables by using a crafted user...

ZoneMinder input validation error vulnerability

ZoneMinder is an open source video surveillance software system that supports IP, USB and analog cameras. The system supports IP, USB and analog cameras, etc. ZoneMinder has an input validation error vulnerability, which stems from allowing a user with view system privileges to inject new data in...

CVE-2022-39291

ZoneMinder is a free, open source Closed-circuit television software application. Affected versions of zoneminder are subject to a vulnerability which allows users with "View" system permissions to inject new data into the logs stored by Zoneminder. This was observed through an HTTP POST request...