191 matches found
CVE-2021-44230
PortSwigger Burp Suite Enterprise Edition for Windows prior to 2021.11 exposes weak file permissions on the embedded H2 database, enabling possible privilege escalation for an attacker that already has a valid Windows account on the server and may access sensitive configuration, database, and log...
CVE-2021-44230
PortSwigger Burp Suite Enterprise Edition before 2021.11 on Windows has weak file permissions for the embedded H2 database, which might lead to privilege escalation. This issue can be exploited by an adversary who has already compromised a valid Windows account on the server via separate means. I...
PortSwigger Burp Suite 访问控制错误漏洞
PortSwigger Burp Suite is an application from PortSwigger UK. Software for packet-catching proxies. An Access Control Error vulnerability exists in PortSwigger Burp Suite Enterprise Edition that stems from the product not setting the correct file permissions on the embedded H2 database. An attack...
africa.absa:inception-application (>=1.0.0 <=1.2.0), africa.absa:inception-test (>=1.0.0 <=1.2.0) +2467 more potentially affected by CVE-2021-23463 via com.h2database:h2 (>=1.4.198 <=1.4.200)
com.h2database:h2 MAVEN version =1.4.198, =1.0.0, =1.0.0, =0.5.2, =0.5.2, =0.1.0, =0.2.0, =0.2.0, =0.9.6, =1.0, =1.0.0, =0.0.1-alpha, =0.0.2-alpha, =0.0.6-alpha and more Source cves: CVE-2021-23463 Source advisory: SNYK:JAVA-COMH2DATABASE-1769238...
XML External Entity (XXE) Injection
Overview com.h2database:h2 is a database engine Affected versions of this package are vulnerable to XML External Entity XXE Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML method. If it executes the getSource meth...
SpringBootVulExploit
This repository is an offensive tool for Spring Boot exploitation, specifically targeting various vulnerabilities in Spring Boot applications. The primary vulnerability being targeted is a deserialization vulnerability in the Spring Boot framework, which can lead to remote code execution RCE. The...
SpringBootVulExploit
This repository is an offensive tool for Spring Boot exploitation. It contains various modules and scripts that can be used to exploit vulnerabilities in Spring Boot applications. The primary vulnerability being targeted is a deserialization vulnerability in the Spring Boot framework, which can b...
Security Bulletin: H2 Database Vulnerabilities Affect IBM Control Center (CVE-2018-10054, CVE-2018-14335)
Summary H2 Database could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of alias and could allow a remote attacker to obtain sensitive information, caused by improper handling of permissions in the backup function. Vulnerability Details CVEID:...
H2 Database 1.4.199 JNI Code Execution
Exploit Title: H2 Database 1.4.199 - JNI Code Execution Exploit Author: 1F98D Original Author: Markus Wulftange Date: 28 April 2020 Vendor Hompage: https://www.h2database.com/ Tested on: Windows 10 x64, Java 1.8, H2 1.4.199 References:...
H2 Database 1.4.199 - JNI Code Execution Vulnerability
Exploit Title: H2 Database 1.4.199 - JNI Code Execution Exploit Author: 1F98D Original Author: Markus Wulftange Vendor Hompage: https://www.h2database.com/ Tested on: Windows 10 x64, Java 1.8, H2 1.4.199 References:...
H2 Database 1.4.199 - JNI Code Execution
Exploit Title: H2 Database 1.4.199 - JNI Code Execution Exploit Author: 1F98D Original Author: Markus Wulftange Date: 28 April 2020 Vendor Hompage: https://www.h2database.com/ Tested on: Windows 10 x64, Java 1.8, H2 1.4.199 References:...
SpringBootVulExploit
This repository contains a collection of Spring Boot vulnerability exploits and research materials. The repository includes various projects, each targeting a specific vulnerability in Spring Boot applications. The vulnerabilities include: 1. JNDI Object deserialization RCE Remote Code Execution ...
SpringBootVulExploit
This repository contains a collection of Spring Boot vulnerability exploit checklists, which are used for authorized testing and security research purposes. The repository includes various exploits and techniques for exploiting Spring Boot applications, including: 1. Spring Boot Vulnerability...
PYSEC-2020-342
Resolved Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases...
SpringBootVulExploit
This repository contains a collection of Spring Boot vulnerability exploitation tools and techniques. The tools are designed to exploit various vulnerabilities in Spring Boot applications, including remote code execution RCE, privilege escalation, and data exfiltration. The repository includes...
CVE-2020-1963
Apache Ignite uses H2 database to build SQL distributed execution engine. H2 provides SQL functions which could be used by attacker to access to a filesystem...
File system access via H2 in Apache Ignite
Apache Ignite uses H2 database to build SQL distributed execution engine. H2 provides SQL functions which could be used by attacker to access to a filesystem...
Apache Ignite H2 File Access Vulnerability
Apache Ignite is the United States Apache Apache Software Foundation's set of high-performance, integrated and distributed for large-scale data set processing in-memory computing and transaction management platform. A security vulnerability exists in Apache Ignite. The vulnerability can be...
CVE-2020-1963
Apache Ignite uses H2 database to build SQL distributed execution engine. H2 provides SQL functions which could be used by attacker to access to a filesystem...
CVE-2020-1963
Apache Ignite uses H2 database to build SQL distributed execution engine. H2 provides SQL functions which could be used by attacker to access to a filesystem...