
1036 matches found

OSV
added 2021/11/19 8:13 p.m., 0 views

GHSA-V585-23HC-C647 Unsafe Deserialization in jackson-databind

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource...

CVSS 8.1 | AI score 6.9 | EPSS 0.02413
Exploits: 1 | References: 13

NVD
added 2021/11/08 4:15 a.m., 15 views

CVE-2021-34684

Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as demonstrated by an api/repos/dashboards/editor URI...

CVSS 9.8 | EPSS 0.26333
Exploits: 3 | References: 2

Cvelist
added 2021/11/08 3:34 a.m., 20 views

CVE-2021-34684

Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as demonstrated by an api/repos/dashboards/editor URI...

CVSS 9.8 | AI score 10 | EPSS 0.26333
Exploits: 3 | References: 2

0day.today
added 2021/11/07 12:0 a.m., 383 views

Pentaho Business Analytics / Pentaho Business Server 9.1 Insufficient Access Control Vulnerability

Pentaho implements a series of web services using the SOAP protocol to allow scripting interaction with the backend server. While most of the interfaces correctly implement ACL, the Data Source Management Service located at /pentaho/webservices/datasourceMgmtService allows low-privilege...

CVSS 7.1 | AI score 7.1 | EPSS 0.02063
Exploits: 3

CNNVD
added 2021/11/05 12:0 a.m., 5 views

Hitachi Vantara Pentaho SQL injection vulnerability

Hitachi Vantara Pentaho is a service from Hitachi, Japan, for storing and managing data in big data environments. Hitachi Vantara Pentaho suffers from a SQL injection vulnerability that could allow an unauthenticated user to execute arbitrary SQL queries on a Pentaho data source to retrieve data...

CVSS 9.8 | AI score 9.2 | EPSS 0.26333
Exploits: 3 | References: 4

Packet Storm
added 2021/11/05 12:0 a.m., 590 views

Pentaho Business Analytics / Pentaho Business Server 9.1 Insufficient Access Control

Product: Pentaho Business Analytics / Pentaho Business Server
Vendor / Manufacturer: Hitachi Vantara
Affected Versions: = 9.1
Vulnerability Type: Insufficient Access Control of Data Source Management Service
Solution Status: Fix Released on public GitHub repository
Manufacturer Notification: 8th...

AI score 7 | EPSS 0.02063
Exploits: 3

OSV
added 2021/11/03 5:30 p.m., 24 views

GHSA-93G4-3PHC-G4XW SQL injection in Apache DolphinScheduler

In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. Only applicable to MySQL data source with internal login account password...

CVSS 8.8 | AI score 8.9 | EPSS 0.0116
Exploits: 0 | References: 4

GitHub Security Blog
added 2021/11/03 5:30 p.m., 31 views

SQL injection in Apache DolphinScheduler

In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. Only applicable to MySQL data source with internal login account password...

CVSS 8.8 | AI score 3.4 | EPSS 0.0116
Exploits: 0 | References: 5 | Affected Software: 1

Veracode
added 2021/11/02 9:5 a.m., 18 views

SQL Injection

dolphinScheduler is vulnerable to SQL injection. The vulnerability exists due to lack of sanitization of user input in data source center, allowing authorized malicious users to inject and execute arbitrary SQL queries...

CVSS 8.8 | AI score 5.2 | EPSS 0.0116
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2021/11/01 10:15 a.m., 13 views

CVE-2021-27644

In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. Only applicable to MySQL data source with internal login account password...

CVSS 8.8 | AI score 7.8
Exploits: 0 | References: 2

NVD
added 2021/11/01 10:15 a.m., 14 views

CVE-2021-27644

In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. Only applicable to MySQL data source with internal login account password...

CVSS 8.8 | EPSS 0.0116
Exploits: 0 | References: 2

Prion
added 2021/11/01 10:15 a.m., 28 views

SQL injection

In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. Only applicable to MySQL data source with internal login account password...

CVSS 6 | AI score 8.9 | EPSS 0.0116
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2021/11/01 9:15 a.m., 70 views

CVE-2021-27644

CVE-2021-27644 affects Apache DolphinScheduler prior to 1.3.6. Authorized users can trigger SQL injection in the data source center when using a MySQL data source with internal login credentials, potentially exposing or altering data in the underlying database. The related records consistently de...

CVSS 8.8 | AI score 9 | EPSS 0.0116
Exploits: 0 | References: 2 | Affected Software: 1

Circl
added 2021/10/28 4:23 p.m., 2 views

CVE-2021-22402

creationtimestamp | type | source
---|---|---
2021-10-28 16:23:35+00:00 | seen | https://t.me/cibsecurity/31381...

CVSS 7.5 | AI score 7.3 | EPSS 0.00182
Exploits: 0 | References: 1

Tenable Nessus
added 2021/10/21 12:0 a.m., 9 views

Form Detected

The scanner has detected the presence of a form during the crawling of the target web application. Details about the form are provided in the plugin output. No source data...

AI score 7.3
Exploits: 0

Circl
added 2021/10/14 8:27 p.m., 4 views

CVE-2021-42228

creationtimestamp | type | source
---|---|---
2021-10-14 20:27:53+00:00 | seen | https://t.me/cibsecurity/30586...

CVSS 8.8 | AI score 8.1 | EPSS 0.00186
Exploits: 1 | References: 1

Mageia
added 2021/10/02 6:57 p.m., 29 views

Updated perl-DBI packages fix security vulnerability

An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the fdir attribute in the data source name (DSN). CVE-2014-10402...

CVSS 6.1 | AI score 6.5 | EPSS 0.00025
Exploits: 1 | References: 2

NVD
added 2021/09/24 10:15 a.m., 19 views

CVE-2021-36749

In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not a...

CVSS 6.5 | EPSS 0.93841
Exploits: 3 | References: 2

Circl
added 2021/09/14 4:21 p.m., 7 views

CVE-2021-38163

creationtimestamp | type | source
---|---|---
2021-09-14 16:21:47+00:00 | seen | https://t.me/cibsecurity/28795
2021-09-15 14:22:34+00:00 | seen | https://t.me/ptswarm/72
2021-09-16 15:55:40+00:00 | seen | https://t.me/truesecator/2111
2023-06-14 21:10:04+00:00 | seen | ...

CVSS 9.9 | AI score 8.1 | EPSS 0.83454
Exploits: 1 | References: 5

OSV
added 2021/08/30 6:15 p.m., 5 views

CVE-2021-27018

The mechanism which performs certificate validation was discovered to have a flaw that resulted in certificates signed by an internal certificate authority to not be properly validated. This issue only affects clients that are configured to utilize Tenable.sc as the vulnerability data source...

CVSS 7.5 | AI score 5.8 | EPSS 0.00095
Exploits: 0 | References: 1