36 matches found
CVE-2022-41853
CVE-2022-41853 affects hsqldb (HyperSQL DataBase). The vulnerability arises when processing untrusted input via java.sql.Statement or java.sql.PreparedStatement, where by default arbitrary static Java methods in the classpath can be invoked, enabling remote code execution. Mitigations documented ...
CVE-2022-41853 Remote code execution in HyperSQL DataBase
Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb HyperSQL DataBase to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can...
PYSEC-2020-342
Resolved Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases...
GHSA-5WM5-8Q42-RHXG File system access via H2 in Apache Ignite
Apache Ignite uses the H2 database to build its SQL distributed execution engine. H2 provides SQL functions which could be used by an attacker to access a filesystem...
SolarWinds Log and Event Manager < 6.0.1 HyperSQL Remote Code Execution
According to its self-reported version number, the installation of SolarWinds Log and Event Manager on the remote host is a version prior to 6.0.1. It is, therefore, affected by a flaw in HyperSQL that allows a remote, unauthenticated user to execute arbitrary code under the context of the databa...
SolarWinds Log and Event Manager Static Credentials (CVE-2014-5504)
A policy bypass vulnerability has been reported in SolarWinds Log and Event Manager. The vulnerability is due to the usage of static/default credentials to access the HyperSQL database. A remote attacker can exploit this vulnerability to access the database with administrator privileges...
CVE-2014-5504
SolarWinds Log and Event Manager before 6.0 uses "static" credentials, which makes it easier for remote attackers to obtain access to the database and execute arbitrary code via unspecified vectors, related to HyperSQL...
Design/Logic Flaw
SolarWinds Log and Event Manager before 6.0 uses "static" credentials, which makes it easier for remote attackers to obtain access to the database and execute arbitrary code via unspecified vectors, related to HyperSQL...
CVE-2014-5504
SolarWinds Log and Event Manager pre-6.0.1 is affected by a HyperSQL authentication flaw due to static/default credentials, enabling a remote, unauthenticated attacker to execute arbitrary code in the database context. Some 6.0.0 instances may be unaffected; remediation is to upgrade to 6.0.1 or ...
SolarWinds Log and Event Manager Static Credential Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Log and Event Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the usage of HyperSQL. The issue lies in the usage of static...
OpenOffice.org-base allows Denial-of-Service and command injection
HSQLDB before 1.8.0.9, as used in OpenOffice.org OOo 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to "exposing static java methods."...