162 matches found
CVE-2021-36329
CVE-2021-36329 affects Dell EMC Streaming Data Platform prior to 1.3, where an Indirect Object Reference vulnerability could let a remote attacker obtain sensitive information. Multiple sources corroborate the impact as disclosure of information via indirect access. The vulnerability is documente...
CVE-2021-36328
CVE-2021-36328 corresponds to a SQL Injection vulnerability in Dell EMC Streaming Data Platform, affecting versions before 1.3. The flaw arises from a database‑level input handling issue that allows an attacker to execute arbitrary SQL commands, potentially performing unauthorized actions and exp...
CVE-2021-36328
Dell EMC Streaming Data Platform versions before 1.3 contain a SQL Injection Vulnerability. A remote malicious user may potentially exploit this vulnerability to execute SQL commands to perform unauthorized actions and retrieve sensitive information from the database...
CVE-2021-36327
Dell EMC Streaming Data Platform versions before 1.3 are affected by a Server-Side Request Forgery (SSRF) vulnerability. An unauthenticated remote attacker could trigger SSRF to perform internal network port scans and issue HTTP requests to arbitrary external domains. A fix is available via Dell ...
CVE-2021-36326
CVE-2021-36326: Dell EMC Streaming Data Platform versions prior to 1.3 expose an SSL Strip vulnerability in the UI, enabling a remote unauthenticated attacker to downgrade client–server communications to an unencrypted form. Affected component: UI for streaming data platform; root cause: unencryp...
CVE-2021-36326
Dell EMC Streaming Data Platform, versions prior to 1.3 contain an SSL Strip Vulnerability in the User Interface UI. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to a downgrade in the communications between the client and server into an unencrypted forma...
Dell EMC Streaming Data Platform Security Vulnerability
Dell EMC Streaming Data Platform is a Dell platform for ingesting, storing and analyzing continuous streaming data in real time. A security vulnerability exists in the Dell EMC Streaming Data Platform that originates from the inclusion of an indirect object reference, which can be exploited by an...
Dell EMC Streaming Data Platform Security Vulnerability
Dell EMC Streaming Data Platform is a platform for ingesting, storing and analyzing continuous streaming data in real time from Dell USA. communication to an unencrypted format...
Dell EMC Streaming Data Platform SQL Injection Vulnerability
Dell EMC Streaming Data Platform is a Dell platform for ingesting, storing and analyzing continuous streaming data in real time. A security vulnerability exists in Dell EMC Streaming Data Platform, which arises from a database-based application that lacks validation of externally entered SQL...
Cisco HyperFlex HX Data Platform Command Injection Vulnerability
Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the tomcat8 user...
IBM Cloud Pak for Data Information Disclosure Vulnerability (CNVD-2021-95146)
IBM Cloud Pak for Data is an open and scalable data platform from IBM USA, Inc. that provides a data structure that makes all data available for AI and analytics on any cloud. A security vulnerability exists in IBM Cloud Pak for Data that stems from the fact that IBM Cloud Pak for Data can allow a loca...
esmvalcore (>=2.0.0 <=2.2.0), esque (>=0.2.0 <=0.3.1) +6 more potentially affected by CVE-2021-38305 via yamale (>=2.0.1 <=3.0.7)
yamale PYPI version =2.0.1, =2.0.0, =0.2.0, =0.0.2, =1.0.0, =0.0.1.dev3092, =0.1.0b0, =0.1.0b6 Source cves: CVE-2021-38305 Source advisory: OSV:GHSA-435P-F82X-MXWM...
Cisco HyperFlex HX Data Platform unauthenticated file upload to RCE (CVE-2021-1499)
This module exploits an unauthenticated file upload vulnerability in Cisco HyperFlex HX Data Platform's /upload endpoint to upload and execute a payload as the Tomcat user. Module Options msf use exploit/linux/http/ciscohyperflexfileuploadrce msf exploitciscohyperflexfileuploadrce show targets...
Cisco HyperFlex HX Data Platform File Upload / Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco HyperFlex HX Data Platform unauthenticated file upload to RCE CVE-2021-1499', 'Description' = %q This module exploits an unauthenticated fi...
The vulnerability in the web interface for managing data storage systems in Cisco HyperFlex HX Data Platform’s hyper-converged infrastructure allows a malicious actor to upload arbitrary files.
The vulnerability in the web interface for managing data storage systems in Cisco HyperFlex HX Data Platform deployments is related to the absence of authentication procedures. Exploiting this vulnerability allows an attacker to upload arbitrary files by sending specially crafted HTTP requests...
Metasploit Wrap-Up
NSClient++ Community contributor Yann Castel has contributed an exploit module for NSClient++ which targets an authenticated command execution vulnerability. Users that are able to authenticate to the service as admin can leverage the external scripts feature to execute commands with SYSTEM level...
SQL Injection Vulnerability in Jiangsu Wo Ye Software Co.
Jiangsu Wo Ye Software Co., Ltd. focuses on auditing, housing construction, transportation, municipal, seven-color sheep and office automation and other engineering projects throughout the process of management of big data information platform development, engaged in intelligent government cloud...
CVE-2021-1499
A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to upload files to an affected device. This vulnerability is due to missing authentication for the upload function. An attacker could exploit this vulnerabilit...
Authentication flaw
A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to upload files to an affected device. This vulnerability is due to missing authentication for the upload function. An attacker could exploit this vulnerabilit...