1047 matches found
CVE-2022-46164
| creationtimestamp | type | source |
|---|---|---|
| 2023-01-04 14:10:29+00:00 | published-proof-of-concept | https://t.me/proxybar/1255 |
| 2023-01-05 11:30:20+00:00 | published-proof-of-concept | https://t.me/CyberSecurityTechnologies/7492 |
| 2023-01-05 13:41:52+00:00 | published-proof-of-concept | ... |
GHSA-C2P4-8MVV-RWMV Apache Karaf vulnerable to potential code injection
This vulnerability is about a potential code injection when an attacker has control of the target LDAP server used in the JDBC JNDI URL. The function jaas.modules.src.main.java.porg.apache.karaf.jass.modules.jdbc.JDBCUtils#doCreateDatasource uses InitialContext.lookup(jndiName) without filtering. A...
CVE-2022-40145 Apache Karaf: JDBC JAAS LDAP injection
This vulnerability is about a potential code injection when an attacker has control of the target LDAP server used in the JDBC JNDI URL. The function jaas.modules.src.main.java.porg.apache.karaf.jass.modules.jdbc.JDBCUtils#doCreateDatasource uses InitialContext.lookup(jndiName) without filtering. An us...
SAP BusinessObjects Business Intelligence Platform 4.2 < 4.2 SP9 P11 / 4.3 < 4.3 SP2 P8 Multiple Vulnerabilities
The version of SAP BusinessObjects Business Intelligence Platform installed on the remote Windows host is prior to 4.2 SP9 P11, 4.3 SP2 P8 or 4.3 SP3. It is, therefore, affected by multiple vulnerabilities: - A server-side request forgery (SSRF) vulnerability where an attacker with normal BI user...
PT-2022-14709 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-12 through Android-13 Description: In the setDataSource function of initMediaExtractor.cpp, there is a possibility of arbitrary code execution due to a use after free. This could lead to local information disclosure...
CVE-2022-41263
Due to a missing authentication check, SAP Business Objects Business Intelligence Platform Web Intelligence - versions 420, 430, allows an authenticated non-administrator attacker to modify the data source information for a document that is otherwise restricted. On successful exploitation, the...
Authentication flaw
Due to a missing authentication check, SAP Business Objects Business Intelligence Platform Web Intelligence - versions 420, 430, allows an authenticated non-administrator attacker to modify the data source information for a document that is otherwise restricted. On successful exploitation, the...
CVE-2022-41263
Due to a missing authentication check, SAP Business Objects Business Intelligence Platform Web Intelligence - versions 420, 430, allows an authenticated non-administrator attacker to modify the data source information for a document that is otherwise restricted. On successful exploitation, the...
CVE-2022-4311
An insertion of sensitive information into log file vulnerability exists in PcVue versions 15 through 15.2.2. This could allow a user with access to the log files to discover connection strings of data sources configured for the DbConnect, which could include credentials. Successful exploitation ...
CVE-2022-3641
Elevation of privilege in the Azure SQL Data Source in Devolutions Remote Desktop Manager 2022.3.13 to 2022.3.24 allows an authenticated user to spoof a privileged account...
Privilege escalation
Elevation of privilege in the Azure SQL Data Source in Devolutions Remote Desktop Manager 2022.3.13 to 2022.3.24 allows an authenticated user to spoof a privileged account...
ARC Informatique PcVue log information disclosure vulnerability
ARC Informatique PcVue is a multifunctional HMI-SCADA software from ARC Informatique, France, an all-in-one solution that monitors all aspects of a customer's assets. PcVue is used in a wide range of applications such as industrial control, building management, energy management, smart grids, ener...
SAP Business Objects Business Intelligence Platform cross-site request forgery vulnerability
SAP Business Objects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from SAP, Germany. The product features report generation, analytics, and data visualization. A cross-site request forgery vulnerability exists in SAP Business...
PT-2022-25775 · Sap · Sap Businessobjects Business Intelligence Platform
Name of the Vulnerable Software and Affected Versions: SAP Business Objects Business Intelligence Platform Web Intelligence versions 420, 430 Description: The issue is caused by a missing authentication check, allowing an authenticated non-administrator attacker to modify the data source...
CVE-2022-3641
Elevation of privilege in the Azure SQL Data Source in Devolutions Remote Desktop Manager 2022.3.13 to 2022.3.24 allows an authenticated user to spoof a privileged account...
PT-2022-23355 · Devolutions +1 · Devolutions Remote Desktop Manager +1
Name of the Vulnerable Software and Affected Versions: Devolutions Remote Desktop Manager versions 2022.3.13 through 2022.3.24 Description: The issue allows an authenticated user to spoof a privileged account due to elevation of privilege in the Azure SQL Data Source. Recommendations: For version...
net-mgmt/cacti is vulnerable to remote command injection
cacti team reports: A command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device...
CVE-2022-45442
| creationtimestamp | type | source |
|---|---|---|
| 2022-11-29 00:28:30+00:00 | seen | https://t.me/cibsecurity/53614 |
| 2025-03-04 05:49:27+00:00 | seen | https://gist.github.com/saburi-pp/237b36513b29209ae31133136478b20e |
| 2025-04-22 16:03:22+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/12881 |

...
grafana: XSS vulnerability in data source handling
A Cross-site scripting (XSS) vulnerability was found in the way Grafana handles data sources. This flaw allows an attacker to serve HTML content through the Grafana data source or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site scripting...
FreeBSD : Grafana -- Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins (6877e164-6296-11ed-9ca2-6c3be5272acd)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6877e164-6296-11ed-9ca2-6c3be5272acd advisory. - Grafana is an open source observability and data visualization platform. Starting with version...