Lucene search
+L

192 matches found

CVE
CVE
added 2025/02/06 2:23 p.m.72 views

CVE-2022-31764

The CVE describes an RCE in Apache ShardingSphere ElasticJob-UI Lite UI, exploitable by constructing a special H2 JDBC URL. Affected versions are 3.0.1 and earlier; ElasticJob-UI 3.0.2 fixes the issue. The attack premise requires the attacker to have obtained the account credentials; without them...

8.5CVSS6.5AI score0.00671EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/05 10:28 p.m.8 views

CVE-2022-45868

The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user or an attacker that has obtained local access through...

8.4CVSS6.7AI score0.00301EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 7:34 p.m.10 views

CVE-2022-39361

Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, H2 Sample Database could allow Remote Code Execution RCE, which can be abused by users able to write SQL queries on H2 databases. This issue is patched in versions 0.44.5...

8.8CVSS7.9AI score0.00967EPSS
Exploits0References1
Ubuntu
Ubuntu
added 2024/06/13 2:44 p.m.43 views

USN-6834-1: H2 vulnerabilities

It was discovered that H2 was vulnerable to deserialization of untrusted data. An attacker could possibly use this issue to execute arbitrary code. CVE-2021-42392 It was discovered that H2 incorrectly handled some specially crafted connection URLs. An attacker could possibly use this issue to...

10CVSS8.8AI score0.64766EPSS
Exploits6
OSV
OSV
added 2024/06/13 2:44 p.m.7 views

USN-6834-1 h2database vulnerabilities

It was discovered that H2 was vulnerable to deserialization of untrusted data. An attacker could possibly use this issue to execute arbitrary code. CVE-2021-42392 It was discovered that H2 incorrectly handled some specially crafted connection URLs. An attacker could possibly use this issue to...

10CVSS7.4AI score0.64766EPSS
Exploits6References3
BDU FSTEC
BDU FSTEC
added 2024/03/22 12:0 a.m.9 views

Com.h2database:h2 vulnerability in the H2 database management system, which allows attackers to perform XXE attacks

The vulnerability of the com.h2database:h2 package in the H2 database management system is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows a remote attacker to perform XXE attacks...

8.5CVSS7.8AI score0.03284EPSS
Exploits1References6Affected Software3
Spring Security Advisories
Spring Security Advisories
added 2024/03/19 12:0 a.m.34 views

Hello, Java 22!

update I've since published a Spring Tips video on this very topic! If you'd prefer, you could watch that instead. Hi, Spring fans! Happy Java 22 release day, to those who celebrate! Did you get the bits already? Go, go, go! Java 22 is a significant improvement that I think is a worthy upgrade fo...

7.2AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2023/08/18 5:22 p.m.65 views

Metasploit Weekly Wrap-Up

Meterpreter Testing This week’s release adds new payload tests to our automated test suite. This is intended to help the team and community members identify issues and behavior discrepancies before changes are made. Payloads run on a variety of different platforms including Windows, Linux, and OS...

7.5CVSS9.7AI score0.98725EPSS
Exploits10
Metasploit
Metasploit
added 2023/08/16 7:50 p.m.871 views

H2 Web Interface Create Alias RCE

The H2 database contains an alias function which allows for arbitrary Java code to be used. This functionality can be abused to create an exec functionality to pull our payload down and execute it. H2's web interface contains restricts MANY characters, so injecting a payload directly is not...

8.8CVSS7.3AI score0.34986EPSS
Exploits2
Packet Storm
Packet Storm
added 2023/08/16 12:0 a.m.821 views

H2 Web Interface Create Alias Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'H2 Web Interface Create Alias RCE', 'Description' = %q The H2 database contains an alias function which allows for arbitrary Java code to be used...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/08/16 12:0 a.m.560 views

H2 Database Web Interface Create Alias Remote Code Execution Exploit

The H2 database contains an alias function which allows for arbitrary Java code to be used. This functionality can be abused to create an exec functionality to pull our payload down and execute it. H2's web interface contains restricts MANY characters, so injecting a payload directly is not...

7.4AI score
Exploits0
Metasploit
Metasploit
added 2023/08/09 7:50 p.m.901 views

Metabase Setup Token RCE

Metabase versions before 0.46.6.1 contain a flaw where the secret setup-token is accessible even after the setup process has been completed. With this token a user is able to submit the setup functionality to create a new database. When creating a new database, an H2 database string is created wi...

9.8CVSS9.8AI score0.97924EPSS
Exploits37
Packet Storm
Packet Storm
added 2023/08/09 12:0 a.m.642 views

Metabase Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Metabase Setup Token RCE', 'Description' = %q Metabase versions before 0.46.6.1 contain a flaw where the secret setup-token is accessible even...

9.8CVSS7.1AI score0.97924EPSS
Exploits37
0day.today
0day.today
added 2023/08/09 12:0 a.m.590 views

Metabase Remote Code Execution Exploit

Metabase versions before 0.46.6.1 contain a flaw where the secret setup-token is accessible even after the setup process has been completed. With this token a user is able to submit the setup functionality to create a new database. When creating a new database, an H2 database string is created wi...

9.8CVSS9.7AI score0.97924EPSS
Exploits37
NVD
NVD
added 2023/08/04 4:15 p.m.27 views

CVE-2023-37470

Metabase is an open-source business intelligence and analytics platform. Prior to versions 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4, 1.43.7.3, 1.44.7.3, 1.45.4.3, and 1.46.6.4, a vulnerability could potentially allow remote code execution on one's Metabase server. The core issue is that one of the...

10CVSS9.8AI score0.01124EPSS
Exploits0References1
Prion
Prion
added 2023/08/04 4:15 p.m.27 views

Design/Logic Flaw

Metabase is an open-source business intelligence and analytics platform. Prior to versions 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4, 1.43.7.3, 1.44.7.3, 1.45.4.3, and 1.46.6.4, a vulnerability could potentially allow remote code execution on one's Metabase server. The core issue is that one of the...

7.5CVSS9.6AI score0.01124EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/08/04 3:12 p.m.30 views

CVE-2023-37470 Metabase vulnerable to remote code execution via POST /api/setup/validate API endpoint

Metabase is an open-source business intelligence and analytics platform. Prior to versions 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4, 1.43.7.3, 1.44.7.3, 1.45.4.3, and 1.46.6.4, a vulnerability could potentially allow remote code execution on one's Metabase server. The core issue is that one of the...

10CVSS9.9AI score0.01124EPSS
Exploits0References1
OSV
OSV
added 2023/08/04 3:12 p.m.30 views

CVE-2023-37470 Metabase vulnerable to remote code execution via POST /api/setup/validate API endpoint

Metabase is an open-source business intelligence and analytics platform. Prior to versions 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4, 1.43.7.3, 1.44.7.3, 1.45.4.3, and 1.46.6.4, a vulnerability could potentially allow remote code execution on one's Metabase server. The core issue is that one of the...

10CVSS9.5AI score0.01124EPSS
Exploits0References3
CVE
CVE
added 2023/08/04 3:12 p.m.2518 views

CVE-2023-37470

Metabase versions prior to 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4, 1.43.7.3, 1.44.7.3, 1.45.4.3, and 1.46.6.4 are affected by a remote code execution vulnerability stemming from the embedded H2 database. The issue allows a user-supplied connection string to contain code that is subsequently execu...

10CVSS9.8AI score0.01124EPSS
Exploits0References1Affected Software1
The Hacker News
The Hacker News
added 2023/07/28 5:46 a.m.53 views

Major Security Flaw Discovered in Metabase BI Software – Urgent Update Required

Users of Metabase, a popular business intelligence and data visualization software package, are being advised to update to the latest version following the discovery of an "extremely severe" flaw that could result in pre-authenticated remote code execution on affected installations. Tracked as...

8.7AI score0.97924EPSS
Exploits37
Rows per page
Query Builder