133 matches found
CVE-2023-52277
Royal RoyalTSX before 6.0.2.1 allows attackers to cause a denial of service Heap Memory Corruption and application crash or possibly have unspecified other impact via a long hostname in an RTSZ file, if the victim clicks on Test Connection. This occurs during SecureGatewayHost object processing i...
Memory corruption
Royal RoyalTSX before 6.0.2.1 allows attackers to cause a denial of service Heap Memory Corruption and application crash or possibly have unspecified other impact via a long hostname in an RTSZ file, if the victim clicks on Test Connection. This occurs during SecureGatewayHost object processing i...
CVE-2023-41578
Jeecg boot up to v3.5.3 was discovered to contain an arbitrary file read vulnerability via the interface /testConnection...
PT-2023-27983 · Jeecg · Jeecg
Name of the Vulnerable Software and Affected Versions: Jeecg versions up to 3.5.3 Description: The issue is an arbitrary file read vulnerability. It can be exploited via the interface "/testConnection". Recommendations: For versions up to 3.5.3, as a temporary workaround, consider restricting...
Azure Hosting Test connection shows invalid user name / password / Credentials
Unable to create new machine catalog Running the Test Connection fails with error "Invalid Credentials"...
Denial Of Service (DoS)
apacheairflow is vulnerable to Denial Of Service DoS attacks. The vulnerability can be exploited by an authenticated user with edit connection privileges, allowing them to send a large number of test connection requests, which can eventually exhaust the server's resources and cause a DoS...
GHSA-X2MH-8FMC-RQGH Apache Airflow denial of service vulnerability
Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests,...
Apache Airflow denial of service vulnerability
Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests,...
CVE-2023-37379 Apache Airflow: Exposure of sensitive connection information, DOS and SSRF on "test connection" feature
Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests,...
PT-2023-4793 · Apache · Apache Airflow
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.7.0 Description: The issue is related to insufficient validation of incoming requests, allowing an authenticated user with Connection edit privileges to access connection information and exploit the test...
CVE-2023-39903
An issue was discovered in Fujitsu Software Infrastructure Manager ISM before 2.8.0.061. The ismsnap component in this specific case at /var/log/fujitsu/ServerViewSuite/ism/FirmwareManagement/FirmwareManagement.log allows insecure collection and storage of authorization credentials in cleartext...
CVE-2022-47880
An Information disclosure vulnerability in /be/rpc.php in Jedox GmbH Jedox 2020.2.5 allow remote, authenticated users with permissions to modify database connections to disclose a connections' cleartext password via the 'test connection' function...
PT-2023-15513 · Jedox · Jedox
Name of the Vulnerable Software and Affected Versions: Jedox versions 2020.2.5 Description: The issue allows remote, authenticated users with permissions to modify database connections to disclose a connection's cleartext password via the 'test connection' function in the /be/rpc.php endpoint. Th...
CVE-2022-47880
The CVE-2022-47880 vulnerability affects Jedox implementations exposing /be/rpc.php (test connection) and allows remote, authenticated users with permission to modify database connections to disclose cleartext passwords. The issue is demonstrated in Jedox versions such as 2020.2.5 and is also cit...
Jedox 2022.4.2 Database Credential Disclosure
Exploit Title: Jedox 2022.4.2 - Disclosure of Database Credentials via Connection Checks Date: 28/04/2023 Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2022.4 22.4.2 and older CVE : CVE-2022-47880...
Jedox 2022.4.2 - Disclosure of Database Credentials via Connection Checks
Exploit Title: Jedox 2022.4.2 - Disclosure of Database Credentials via Connection Checks Date: 28/04/2023 Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2022.4 22.4.2 and older CVE : CVE-2022-47880...
SUSE CVE-2018-1000153
A cross-site request forgery vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java, DeleteSnapshot.java, Deploy.java, ExposeGuestInfo.java, FolderVSphereCloudProperty.java, PowerOff.java,...
GHSA-RFRQ-3V89-FQG6 Reflected XSS in Jenkins Compatibility Action Storage Plugin
Jenkins Compatibility Action Storage Plugin 1.0 and earlier does not escape the content coming from the MongoDB in the testConnection form validation endpoint, resulting in a reflected cross-site scripting XSS vulnerability...
CVE-2021-43286
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create a new pipeline on a GoCD server can abuse a command-line injection in the Git URL "Test Connection" feature to execute arbitrary code...
CVE-2021-43286
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create a new pipeline on a GoCD server can abuse a command-line injection in the Git URL "Test Connection" feature to execute arbitrary code...