16 matches found
CVE-2026-32625
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, the Model Context Protocol MCP server integration resolves $VAR placeholders against the server's process.env during Zod schema validation of user-supplied MCP server URLs. Any...
CVE-2026-5848
A vulnerability was found in jeecgboot JimuReport up to 2.3.0. The affected element is the function DriverManager.getConnection of the file /drag/onlDragDataSource/testConnection of the component Data Source Handler. Performing a manipulation of the argument dbUrl results in code injection. The...
CVE-2025-70828
Datart v1.0.0-rc.3 contains a vulnerability where the JDBC configuration’s url parameter allows attackers to execute arbitrary code. The issue is consistently described across Red Hat, CVE listings, and PT Security, identifying the affected component as the JDBC URL handling. Impact is described ...
CVE-2025-62419 DataEase vulnerable to JDBC URL injection in DB2 and MongoDB data source configuration
DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a JDBC URL injection vulnerability exists in the DB2 and MongoDB data source configuration handlers. In the DB2 data source handler, when the extraParams field is empty, the HOSTNAME, PORT, and DATABASE...
CVE-2025-58748
Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12 the H2 data source implementation H2.java does not verify that a provided JDBC URL starts with jdbc:h2. This lack of validation allows a crafted JDBC configuration that substitutes the Amazon...
Apache InLong 代码问题漏洞
Apache InLong is the U.S. Apache Apache Foundation's one-stop massive data integration framework. Provides automated, secure and reliable data transfer capabilities. Apache InLong versions 1.13.0 to 2.1.0 has a deserialization vulnerability , the vulnerability stems from the application in the...
h2: Loading of custom classes from remote servers through JNDI
A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script...
Dream Flash website management system FCMS v5. 9 newest vulnerabilities 0day-vulnerability warning-the black bar safety net
Dream Flash website management system FCMS v5. 9 the latest vulnerability 0day The database address: xmlEditor/database/@@@datas.mdb Background xmleditor/login. asp admin/admin Message database: guestbook/db/sywl. asp the cookie injected into the drain Vulnerability file: xml/text. asp...
COCOON Counter statistical procedures vulnerability summary-vulnerability warning-the black bar safety net
A default database: counter/db/dbCCCounter6. mdb It can also be directly opened: http://www.badguest.cn /Counter/utilities/update. asp To view the source file, lookup! You can find the database address. Program problem. Second, the storm path vulnerability Use the probe http://www. xxx. com...
kingcms5. 0/5. 1 vulnerability-the vulnerability warning-the black bar safety net
To 1. kingcms 5.0 fckeditor the default path in the admin/system/editor/FCKeditor/editor/fckeditor.Html The local horse named for the hx. asp;jpg watch jpg the front there is no point.. OK..actually later do stations combined fckeditor this editor..plus the best verification..only management can...
Xianyou travel Agency management system v1. 0 vulnerabilities and fixes-vulnerability warning-the black bar safety net
Author:mer4en7y Blog:www.hi.baidu.com/alonecode 1injection vulnerabilities: Vulnerability file:newlist. asp: bid = trimrequest"bid" sid = trimrequest"sid" ... if bid"" then bwhere = " & bigid="& bid &"" else bwhere = "" end if if sid"" then swhere = " & smallid="& sid &"" else swhere = "" end if...
Fenghua classmates 2. 0 official version of injection vulnerabilities-vulnerability warning-the black bar safety net
| /TeacherList. asp? Action=ViewDetail&ID=3 Background SysAdmLogin. asp Attachment: Fenghua classmates to the system's default information is as follows: Front Desk verification will default to User name: fenghua Password: txlbbs. 1 2 6 A background verify will default to Username: kissinger...
Tradecms English foreign trade enterprises web site v1. 0. Vulnerability analysis-vulnerability warning-the black bar safety net
Release time: 2010-07-15 Affected version: Tradecms English foreign trade enterprises web site v1. 0 Vulnerability description: injection vulnerabilities, cross-permissions vulnerability; Database address: ClkjDaTa/ClkjCms. mdb Database open password: The default account and password: user: admin...
A network of popular campus web CMS system vulnerabilities-vulnerability warning-the black bar safety net
Today inadvertently browsing to the home of a high school's website, casually turn to turn. The bottom of the page directly to have“admin”, and click directly into the Background address for http://www.xxxxx.net/xyadmin/login.asp Guess a bit of the database, found at: http://www. xxxxx...
4 5 ways to get Webshell method-vulnerability warning-the black bar safety net
To GoogLe,search some keywords,edit. asp? Korean broiler chickens is more,the majority of MSSQL database! 2, To Google ,site:cq. cn inurl:asp 3, The use of mining chicken and an ASP Trojan. The file name is login. asp The path set is/manage/ The key word is went. asp 'Or'='or'to login 4, Keywords...
4 5 can get to the Webshell program-vulnerability warning-the black bar safety net
To GoogLe,search some keywords,edit. asp? Korean broiler chickens is more,the majority of MSSQLdatabase!--- I see..really a lot...you can use this..asp?=" pig" Oh 2, To Google ,site:cq. cn inurl:asp 3, The use of mining chicken and an ASP Trojan. The file name is login. asp The path set is/manage...