Lucene search
K

191 matches found

CVE
CVE
added 2021/11/30 6:17 p.m.40 views

CVE-2021-44230

PortSwigger Burp Suite Enterprise Edition for Windows prior to 2021.11 exposes weak file permissions on the embedded H2 database, enabling possible privilege escalation for an attacker that already has a valid Windows account on the server and may access sensitive configuration, database, and log...

6.5CVSS6.3AI score0.00969EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/11/30 6:17 p.m.18 views

CVE-2021-44230

PortSwigger Burp Suite Enterprise Edition before 2021.11 on Windows has weak file permissions for the embedded H2 database, which might lead to privilege escalation. This issue can be exploited by an adversary who has already compromised a valid Windows account on the server via separate means. I...

6.5AI score0.00969EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/11/30 12:0 a.m.4 views

PortSwigger Burp Suite 访问控制错误漏洞

PortSwigger Burp Suite is an application from PortSwigger UK. Software for packet-catching proxies. An Access Control Error vulnerability exists in PortSwigger Burp Suite Enterprise Edition that stems from the product not setting the correct file permissions on the embedded H2 database. An attack...

6.5CVSS6.5AI score0.00969EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2021/10/30 6:1 p.m.5 views

africa.absa:inception-application (>=1.0.0 <=1.2.0), africa.absa:inception-test (>=1.0.0 <=1.2.0) +2467 more potentially affected by CVE-2021-23463 via com.h2database:h2 (>=1.4.198 <=1.4.200)

com.h2database:h2 MAVEN version =1.4.198, =1.0.0, =1.0.0, =0.5.2, =0.5.2, =0.1.0, =0.2.0, =0.2.0, =0.9.6, =1.0, =1.0.0, =0.0.1-alpha, =0.0.2-alpha, =0.0.6-alpha and more Source cves: CVE-2021-23463 Source advisory: SNYK:JAVA-COMH2DATABASE-1769238...

9.1CVSS7.2AI score0.03284EPSS
Exploits1
Snyk
Snyk
added 2021/10/30 6:1 p.m.2 views

XML External Entity (XXE) Injection

Overview com.h2database:h2 is a database engine Affected versions of this package are vulnerable to XML External Entity XXE Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML method. If it executes the getSource meth...

9.1CVSS7.4AI score0.03284EPSS
Exploits1References2
Gitee
Gitee
added 2021/10/17 12:0 a.m.2 views

SpringBootVulExploit

This repository is an offensive tool for Spring Boot exploitation, specifically targeting various vulnerabilities in Spring Boot applications. The primary vulnerability being targeted is a deserialization vulnerability in the Spring Boot framework, which can lead to remote code execution RCE. The...

8.5AI score
Exploits0
Gitee
Gitee
added 2021/10/09 4:9 p.m.3 views

SpringBootVulExploit

This repository is an offensive tool for Spring Boot exploitation. It contains various modules and scripts that can be used to exploit vulnerabilities in Spring Boot applications. The primary vulnerability being targeted is a deserialization vulnerability in the Spring Boot framework, which can b...

8.2AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2021/05/14 9:25 p.m.21 views

Security Bulletin: H2 Database Vulnerabilities Affect IBM Control Center (CVE-2018-10054, CVE-2018-14335)

Summary H2 Database could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of alias and could allow a remote attacker to obtain sensitive information, caused by improper handling of permissions in the backup function. Vulnerability Details CVEID:...

8.8CVSS2.7AI score0.34986EPSS
Exploits7Affected Software1
Packet Storm
Packet Storm
added 2021/01/07 12:0 a.m.315 views

H2 Database 1.4.199 JNI Code Execution

Exploit Title: H2 Database 1.4.199 - JNI Code Execution Exploit Author: 1F98D Original Author: Markus Wulftange Date: 28 April 2020 Vendor Hompage: https://www.h2database.com/ Tested on: Windows 10 x64, Java 1.8, H2 1.4.199 References:...

7.4AI score
Exploits0
0day.today
0day.today
added 2021/01/06 12:0 a.m.66 views

H2 Database 1.4.199 - JNI Code Execution Vulnerability

Exploit Title: H2 Database 1.4.199 - JNI Code Execution Exploit Author: 1F98D Original Author: Markus Wulftange Vendor Hompage: https://www.h2database.com/ Tested on: Windows 10 x64, Java 1.8, H2 1.4.199 References:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/06 12:0 a.m.220 views

H2 Database 1.4.199 - JNI Code Execution

Exploit Title: H2 Database 1.4.199 - JNI Code Execution Exploit Author: 1F98D Original Author: Markus Wulftange Date: 28 April 2020 Vendor Hompage: https://www.h2database.com/ Tested on: Windows 10 x64, Java 1.8, H2 1.4.199 References:...

7.4AI score
Exploits0
Gitee
Gitee
added 2020/11/27 10:58 a.m.4 views

SpringBootVulExploit

This repository contains a collection of Spring Boot vulnerability exploits and research materials. The repository includes various projects, each targeting a specific vulnerability in Spring Boot applications. The vulnerabilities include: 1. JNDI Object deserialization RCE Remote Code Execution ...

8.5AI score
Exploits0
Gitee
Gitee
added 2020/11/05 4:41 p.m.4 views

SpringBootVulExploit

This repository contains a collection of Spring Boot vulnerability exploit checklists, which are used for authorized testing and security research purposes. The repository includes various exploits and techniques for exploiting Spring Boot applications, including: 1. Spring Boot Vulnerability...

7.2AI score
Exploits0
PyPA
PyPA
added 2020/08/05 2:15 p.m.11 views

PYSEC-2020-342

Resolved Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases...

9.8CVSS8.1AI score0.33478EPSS
Exploits0References4Affected Software1
Gitee
Gitee
added 2020/07/10 9:15 a.m.1 views

SpringBootVulExploit

This repository contains a collection of Spring Boot vulnerability exploitation tools and techniques. The tools are designed to exploit various vulnerabilities in Spring Boot applications, including remote code execution RCE, privilege escalation, and data exfiltration. The repository includes...

8.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2020/06/15 6:54 p.m.27 views

CVE-2020-1963

Apache Ignite uses H2 database to build SQL distributed execution engine. H2 provides SQL functions which could be used by attacker to access to a filesystem...

6.4CVSS3.6AI score0.04983EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2020/06/05 4:11 p.m.91 views

File system access via H2 in Apache Ignite

Apache Ignite uses H2 database to build SQL distributed execution engine. H2 provides SQL functions which could be used by attacker to access to a filesystem...

9.1CVSS4.8AI score0.04983EPSS
Exploits0References12Affected Software1
CNVD
CNVD
added 2020/06/04 12:0 a.m.8 views

Apache Ignite H2 File Access Vulnerability

Apache Ignite is the United States Apache Apache Software Foundation's set of high-performance, integrated and distributed for large-scale data set processing in-memory computing and transaction management platform. A security vulnerability exists in Apache Ignite. The vulnerability can be...

9.1CVSS7.3AI score0.04983EPSS
Exploits0References1
OSV
OSV
added 2020/06/03 1:15 p.m.20 views

CVE-2020-1963

Apache Ignite uses H2 database to build SQL distributed execution engine. H2 provides SQL functions which could be used by attacker to access to a filesystem...

9.1CVSS7.7AI score
Exploits0References10
NVD
NVD
added 2020/06/03 1:15 p.m.25 views

CVE-2020-1963

Apache Ignite uses H2 database to build SQL distributed execution engine. H2 provides SQL functions which could be used by attacker to access to a filesystem...

9.1CVSS9.3AI score0.04983EPSS
Exploits0References10
Rows per page
Query Builder