H2database代码问题漏洞

H2 database is an embeddable Rdbms written in Java . A code issue vulnerability exists in H2 database, which stems from the H2 database's getConnection method taking the driver's class name and the database's URL as parameters, which can be exploited by an attacker to pass the name of the JNDI...

Command Injection

Overview heroku-env is a package that parse the DATABASEURL from your heroku config and split it out into the PG environment variables used by psql pgdump pgrestore and nodepostgres Affected versions of this package are vulnerable to Command Injection. The injection point is located in lib/get.js...

PT-2020-15456 · Jenkins · Jenkins Pipeline Maven Integration Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline Maven Integration Plugin versions 3.8.2 and earlier Description: A cross-site request forgery CSRF vulnerability exists, allowing attackers to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs...

CVE-2012-5380

creationtimestamp| type| source ---|---|--- 2013-09-06 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/28130...

CVE-2009-1650

creationtimestamp| type| source ---|---|--- 2009-05-14 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/8679...

CVE-2008-4330

creationtimestamp| type| source ---|---|--- 2008-09-25 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/6562...