Lucene search
K

133 matches found

ATTACKERKB
ATTACKERKB
added 2023/12/31 3:15 a.m.1 views

CVE-2023-52277

Royal RoyalTSX before 6.0.2.1 allows attackers to cause a denial of service Heap Memory Corruption and application crash or possibly have unspecified other impact via a long hostname in an RTSZ file, if the victim clicks on Test Connection. This occurs during SecureGatewayHost object processing i...

7.8CVSS5.9AI score0.00189EPSS
Exploits1References2
Prion
Prion
added 2023/12/31 3:15 a.m.15 views

Memory corruption

Royal RoyalTSX before 6.0.2.1 allows attackers to cause a denial of service Heap Memory Corruption and application crash or possibly have unspecified other impact via a long hostname in an RTSZ file, if the victim clicks on Test Connection. This occurs during SecureGatewayHost object processing i...

4.4CVSS7.8AI score0.00189EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/09/08 7:15 p.m.6 views

CVE-2023-41578

Jeecg boot up to v3.5.3 was discovered to contain an arbitrary file read vulnerability via the interface /testConnection...

7.5CVSS7.2AI score0.00789EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/09/08 12:0 a.m.5 views

PT-2023-27983 · Jeecg · Jeecg

Name of the Vulnerable Software and Affected Versions: Jeecg versions up to 3.5.3 Description: The issue is an arbitrary file read vulnerability. It can be exploited via the interface "/testConnection". Recommendations: For versions up to 3.5.3, as a temporary workaround, consider restricting...

7.5CVSS6.9AI score0.00789EPSS
Exploits1References9
Citrix
Citrix
added 2023/08/28 12:0 a.m.8 views

Azure Hosting Test connection shows invalid user name / password / Credentials

Unable to create new machine catalog Running the Test Connection fails with error "Invalid Credentials"...

7.1AI score
Exploits0
Veracode
Veracode
added 2023/08/25 8:52 a.m.24 views

Denial Of Service (DoS)

apacheairflow is vulnerable to Denial Of Service DoS attacks. The vulnerability can be exploited by an authenticated user with edit connection privileges, allowing them to send a large number of test connection requests, which can eventually exhaust the server's resources and cause a DoS...

8.1CVSS6.7AI score0.01488EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/08/23 6:30 p.m.25 views

GHSA-X2MH-8FMC-RQGH Apache Airflow denial of service vulnerability

Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests,...

8.1CVSS7.8AI score0.01488EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2023/08/23 6:30 p.m.45 views

Apache Airflow denial of service vulnerability

Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests,...

8.1CVSS7.8AI score0.01488EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2023/08/23 3:38 p.m.48 views

CVE-2023-37379 Apache Airflow: Exposure of sensitive connection information, DOS and SSRF on "test connection" feature

Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests,...

8.1AI score0.01488EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/08/23 12:0 a.m.1 views

PT-2023-4793 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.7.0 Description: The issue is related to insufficient validation of incoming requests, allowing an authenticated user with Connection edit privileges to access connection information and exploit the test...

8.5CVSS7.8AI score0.01488EPSS
Exploits0References14
OSV
OSV
added 2023/08/07 5:15 a.m.2 views

CVE-2023-39903

An issue was discovered in Fujitsu Software Infrastructure Manager ISM before 2.8.0.061. The ismsnap component in this specific case at /var/log/fujitsu/ServerViewSuite/ism/FirmwareManagement/FirmwareManagement.log allows insecure collection and storage of authorization credentials in cleartext...

5CVSS5.8AI score0.00127EPSS
Exploits0References2
OSV
OSV
added 2023/05/12 2:15 p.m.4 views

CVE-2022-47880

An Information disclosure vulnerability in /be/rpc.php in Jedox GmbH Jedox 2020.2.5 allow remote, authenticated users with permissions to modify database connections to disclose a connections' cleartext password via the 'test connection' function...

5.3CVSS5.7AI score0.03158EPSS
Exploits4References2
Positive Technologies
Positive Technologies
added 2023/05/12 12:0 a.m.5 views

PT-2023-15513 · Jedox · Jedox

Name of the Vulnerable Software and Affected Versions: Jedox versions 2020.2.5 Description: The issue allows remote, authenticated users with permissions to modify database connections to disclose a connection's cleartext password via the 'test connection' function in the /be/rpc.php endpoint. Th...

6.8CVSS5AI score0.03158EPSS
Exploits4References5
CVE
CVE
added 2023/05/12 12:0 a.m.51 views

CVE-2022-47880

The CVE-2022-47880 vulnerability affects Jedox implementations exposing /be/rpc.php (test connection) and allows remote, authenticated users with permission to modify database connections to disclose cleartext passwords. The issue is demonstrated in Jedox versions such as 2020.2.5 and is also cit...

6.8CVSS5AI score0.03158EPSS
Exploits4References2Affected Software2
Packet Storm
Packet Storm
added 2023/05/05 12:0 a.m.334 views

Jedox 2022.4.2 Database Credential Disclosure

Exploit Title: Jedox 2022.4.2 - Disclosure of Database Credentials via Connection Checks Date: 28/04/2023 Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2022.4 22.4.2 and older CVE : CVE-2022-47880...

7.1AI score0.03158EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/05/05 12:0 a.m.364 views

Jedox 2022.4.2 - Disclosure of Database Credentials via Connection Checks

Exploit Title: Jedox 2022.4.2 - Disclosure of Database Credentials via Connection Checks Date: 28/04/2023 Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2022.4 22.4.2 and older CVE : CVE-2022-47880...

6.8CVSS5.4AI score0.03158EPSS
Exploits4
SUSE CVE
SUSE CVE
added 2023/02/15 4:20 a.m.6 views

SUSE CVE-2018-1000153

A cross-site request forgery vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java, DeleteSnapshot.java, Deploy.java, ExposeGuestInfo.java, FolderVSphereCloudProperty.java, PowerOff.java,...

8.8CVSS8.9AI score0.00688EPSS
Exploits0References3
OSV
OSV
added 2022/05/24 5:22 p.m.12 views

GHSA-RFRQ-3V89-FQG6 Reflected XSS in Jenkins Compatibility Action Storage Plugin

Jenkins Compatibility Action Storage Plugin 1.0 and earlier does not escape the content coming from the MongoDB in the testConnection form validation endpoint, resulting in a reflected cross-site scripting XSS vulnerability...

6.1CVSS5.8AI score0.00699EPSS
Exploits0References4
NVD
NVD
added 2022/04/14 1:15 p.m.21 views

CVE-2021-43286

An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create a new pipeline on a GoCD server can abuse a command-line injection in the Git URL "Test Connection" feature to execute arbitrary code...

8.8CVSS0.02715EPSS
Exploits1References4
OSV
OSV
added 2022/04/14 1:15 p.m.19 views

CVE-2021-43286

An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create a new pipeline on a GoCD server can abuse a command-line injection in the Git URL "Test Connection" feature to execute arbitrary code...

8.8CVSS7.7AI score
Exploits0References4
Rows per page
Query Builder