8064 matches found
CVE-2023-30771
CVE-2023-30771 concerns Apache IoTDB’s optional iotdb-web-workbench web console. The vulnerability is an Incorrect Authorization issue affecting iotdb-web-workbench version 0.13.3, allowing high-severity impact on confidentiality, integrity, and availability (CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:...
PYSEC-2023-7
Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects Apache IoTDB Grafana Connector: from 0.13.0 through 0.13.3. Attackers could log in without authorization. This is fixed in 0.13.4...
CVE-2023-24831 Apache IoTDB grafana-connector Login Bypass Vulnerability
Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects Apache IoTDB Grafana Connector: from 0.13.0 through 0.13.3. Attackers could log in without authorization. This is fixed in 0.13.4...
Design/Logic Flaw
Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz when using the Solr plugin. This is a pre-authentication attack. This issue affects Apache OFBiz: before 18.12.07...
Security Bulletin: Vulnerability in apache affects IBM BladeCenter Advanced Management Module (AMM) (CVE-2016-2161)
Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerability in apache. Vulnerability Details CVEID: CVE-2016-2161 Description:...
PT-2023-15381 · Apache · Apache Ofbiz
Name of the Vulnerable Software and Affected Versions: Apache OFBiz versions prior to 18.12.07 Description: The issue is an arbitrary file reading vulnerability in Apache OFBiz when using the Solr plugin. This is a pre-authentication attack, meaning it can be exploited without needing to...
Anarchy in the UK? Not Quite: A look at the cyber health of the FTSE 350
The attack surface of the United Kingdom's 350 largest publicly traded companies has—drum roll, please—improved. But it could be better. Those are the high level findings of the latest in Rapid7's looks at the cybersecurity health of companies tied to some of the globe's largest stock indices. Th...
Improper Input Validation
apache-airflow-providers-apache-spark is vulnerable to Improper Input Validation. The host and schema of JDBC Hook may contain / and ?, leading to improper input validation, which results in disclosure of confidential information to remote attackers...
Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to a denial of service due to Apache Commons FileUpload (CVE-2023-24998)
Summary There is a vulnerability in the Apache Commons FileUpload library used by IBM WebSphere Application Server and used by IBM WebSphere Application Server Liberty with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0 or servlet-6.0 feature enabled. This has been addressed in the...
CVE-2023-27987 Apache Linkis gateway module token authentication bypass
In Apache Linkis <=1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack. Generation rules should add random values. We recommend users upgrade the version of Linkis to version 1.3.2 and modify t...
CVE-2023-28710
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Spark Provider. This issue affects Apache Airflow Spark Provider: before 4.0.1...
CVE-2023-28706
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider: before 6.0.0...
CVE-2023-28706
CVE-2023-28706 affects Apache Airflow Hive Provider before 6.0.0 and is caused by improper control of code generation (code injection). The vulnerability can impact confidentiality, integrity, and availability; CVSS v3.1 base score 9.8. Remediation: upgrade to 6.0.0 or later. Some sources label i...
Mageia: Security Advisory (MGASA-2023-0123)
The remote host is missing an update for the...
Updated libapreq2 packages fix security vulnerability
A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack. CVE-2022-22728...
RLSA-2023:0970 Moderate: httpd security and bug fix update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: mod_dav: out-of-bounds read/write of zero byte (CVE-2006-20001); httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-36760); httpd: mod_proxy: HTTP response splitting...
Intern Record System 1.0 SQL Injection
Exploit Title: Intern Record System v1.0 - SQL Injection Unauthenticated Date: 2022-06-09 Exploit Author: Hamdi Sevben Vendor Homepage: https://code-projects.org/intern-record-system-in-php-with-source-code/ Software Link:...
Apache Tomcat 10.1 Denial Of Service
Exploit Title: Apache Tomcat 10.1 - Denial Of Service Google Dork: N/A Date: 13/07/2022 Exploit Author: Cristian 'void' Giustini Vendor Homepage: https://tomcat.apache.org/ Software Link: https://tomcat.apache.org/download-10.cgi Version: = 10.1 Tested on: Apache Tomcat 10.0 Docker CVE :...
Simple Task Managing System v1.0 - SQL Injection (Unauthenticated) Vulnerability
Exploit Title: Simple Task Managing System v1.0 - SQL Injection Unauthenticated Exploit Author: Hamdi Sevben Vendor Homepage: https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html Software Link:...
Intern Record System v1.0 - SQL Injection (Unauthenticated)
Exploit Title: Intern Record System v1.0 - SQL Injection Unauthenticated Date: 2022-06-09 Exploit Author: Hamdi Sevben Vendor Homepage: https://code-projects.org/intern-record-system-in-php-with-source-code/ Software Link:...