92 matches found
CKAN 安全漏洞
CKAN is an open source Dms data management system. It is used to power data centers and data portals. A security vulnerability exists in CKAN versions prior to 2.9.9, and prior to 2.10.1, which stems from DOS due to a lack of length checking for resource ids...
CVE-2023-22746
CKAN is an open-source DMS data management system for powering data hubs and data portals. When creating a new container based on one of the Docker images listed below, the same secret key was being used by default. If the users didn't set a custom value via environment variables in the .env file...
CVE-2023-22746 CKAN is vulnerable to session secret shared across instances using Docker images
CKAN is an open-source DMS data management system for powering data hubs and data portals. When creating a new container based on one of the Docker images listed below, the same secret key was being used by default. If the users didn't set a custom value via environment variables in the .env file...
CVE-2023-22746
CVE-2023-22746 affects CKAN Docker-based deployments where a default, shared secret key is used across multiple instances unless overridden in the container’s .env. The vulnerability allows forging authentication requests between CKAN instances when the default secret key is not customized. Affec...
CKAN 授权问题漏洞
CKAN is an open source Dms data management system. It is used to power data centers and data portals. A security vulnerability exists in CKAN version 2.9.6, which stems from an unauthenticated user taking over via a CKAN account when an existing user ID is sent via an HTTP POST request, which can...
QSAN XEVO Command Injection Vulnerability
QSAN XEVO is a flash data management system from QSAN China. Reduces repetitive tasks and provides complete data analysis. A command injection vulnerability exists in QSAN XEVO that stems from the product's INIT function not filtering special elements of user input data. An attacker could use thi...
Arbitrary File Read Vulnerability in Doco Document Management System (CNVD-2021-27651)
DuoKe document management system is for the enterprise to provide a safe, easy to use B / S architecture integrated system, through the system to complete the integration of enterprise document storage, sub-group folder display, full-text search of document content, document preview, download and...
CVE-2020-13995
CVE-2020-13995 affects the U.S. Air Force Sensor Data Management System extract75. The issue is a buffer overflow in a global variable (sBuffer) that can lead to a Write-What-Where condition. Writing beyond sBuffer can clobber global variables until reaching pointers like DES_info or image_info; ...
The vulnerability of Adobe Experience Manager’s content and media data management system, related to the lack of measures taken to protect the structure of web pages, allows attackers to access confidential information.
The vulnerability of the Adobe Experience Manager content and media data management system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to gain access to confidential information...
Vulnerability of the Data Management System of National Secondary Vocational Schools' Talent Cultivation Work Status due to Arbitrary Password Reset in the Backstage
Xinpengcheng is a high-tech enterprise specializing in vocational education informatization business. There is an arbitrary password reset vulnerability in the background of the National Secondary Vocational School Talent Cultivation Work Status Data Management System. An attacker can utilize thi...
HPE UIoT Unauthorized Access Vulnerability Vulnerability
HPE UIoT is a suite of universal IoT platforms from Hewlett Packard Enterprise HPE, USA. The platform features data analytics, monetary safety and synchronization management. A security vulnerability exists in the DSM portal and DSM APIs in HPE UIoT. A remote attacker could exploit the...
Sybase Advantage Data Architect - '.SQL' Format Heap Overflow
Exploit Title: Sybase Advantage Data Architect ".SQL" Format Heap Oveflow RCE Date: 2010-10-16 Author: d0lc3 @rmallof - http://elotrolad0.blogspot.com/ Software Link: http://www.sybase.com/products/databasemanagement/advantagedatabaseserver/data-architect-utility Version: 10.0 Tested on: Windows ...