4 matches found
h2database-rce-poc
H2 Console RCE Exploit Toolkit Vulnerability exploitation scr...
Security Bulletin: H2 Database Vulnerabilities Affect IBM Control Center (CVE-2018-10054, CVE-2018-14335)
Summary H2 Database could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of alias and could allow a remote attacker to obtain sensitive information, caused by improper handling of permissions in the backup function. Vulnerability Details CVEID:...
CVE-2018-10054
H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code. NOTE: the vendor's position is "h2 is not designed to be run outside of a secure environment."...
CVE-2018-10054
CVE-2018-10054 describes an RCE in H2 Database via the CREATE ALIAS mechanism. The issue affects H2 1.4.197 as used in Datomic before 0.9.5697 and other products, enabling remote code execution by an attacker with a crafted alias. Public references note exploit activity and Java code execution vi...