
105 matches found

Citrix
added 2024/07/13 12:0 a.m. · 9 views

Error: "The Login is from an Untrusted Domain and Cannot be used with Windows Authentication" Appears when Launching Provisioning Services Console

When launching the Provisioning Services Console, the critical error message appears, “Critical Error A database error occurred. Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.”...

7.2 AI score
Exploits 0

Prion
added 2024/02/28 10:15 a.m. · 18 views

Code injection

An authenticated user with privileges to create Alerts on Alerts & Reports has the capability to generate a specially crafted SQL statement that triggers an error on the database. This error is not properly handled by Apache Superset and may inadvertently surface in the error log of the Alert...

4 CVSS · 7.8 AI score · 0.00131 EPSS
Exploits 0 · References 2

Cvelist
added 2024/02/28 10:6 a.m. · 11 views

CVE-2024-27315 Apache Superset: Improper error handling on alerts

An authenticated user with privileges to create Alerts on Alerts & Reports has the capability to generate a specially crafted SQL statement that triggers an error on the database. This error is not properly handled by Apache Superset and may inadvertently surface in the error log of the Alert...

4.3 CVSS · 5.3 AI score · 0.00131 EPSS
Exploits 0 · References 1

Positive Technologies
added 2024/02/28 12:0 a.m. · 3 views

PT-2024-21816 · Apache · Apache Superset

Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 3.0.4 Apache Superset versions 3.1.0 through 3.1.1 Description: An authenticated user with privileges to create alerts on Alerts & Reports can generate a specially crafted SQL statement that triggers an error...

5.3 CVSS · 7.6 AI score · 0.00131 EPSS
Exploits 0 · References 15

0day.today
added 2023/09/13 12:0 a.m. · 307 views

Fundraising Script 1.0 SQL Injection Vulnerability

Title: Fundraising Script-1.0 SQLi Author: nu11secur1ty Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/fundraising-script/sectionDemo Reference: https://portswigger.net/web-security/sql-injection Description: The cid parameter appears to be vulnerable to SQL injection...

7.4 AI score
Exploits 0

0day.today
added 2023/09/04 12:0 a.m. · 260 views

Bus Reservation System 1.1 - Multiple SQL injection Vulnerability

Title: Bus Reservation System-1.1 Multiple-SQLi Author: nu11secur1ty Vendor: https://www.phpjabbers.com/ Software: https://demo.phpjabbers.com/1693027053628/preview.php?lid=1 Reference: https://portswigger.net/web-security/sql-injection Description: The pickupid parameter appears to be vulnerable...

7.1 AI score
Exploits 0

Exploit DB
added 2023/09/04 12:0 a.m. · 397 views

Bus Reservation System 1.1 - Multiple-SQLi

Title: Bus Reservation System-1.1 Multiple-SQLi Author: nu11secur1ty Date: 08/26/2023 Vendor: https://www.phpjabbers.com/ Software: https://demo.phpjabbers.com/1693027053628/preview.php?lid=1 Reference: https://portswigger.net/web-security/sql-injection Description: The pickupid parameter appears...

7.4 AI score
Exploits 0

NVD
added 2023/06/22 11:15 p.m. · 8 views

CVE-2023-34110

Flask-AppBuilder is an application development framework, built on top of Flask. Prior to version 4.3.2, an authenticated malicious actor with Admin privileges, could by adding a special character on the add, edit User forms trigger a database error, this error is surfaced back to this actor on t...

2.7 CVSS · 3.3 AI score · 0.00472 EPSS
Exploits 0 · References 4

Prion
added 2023/06/22 11:15 p.m. · 10 views

Design/Logic Flaw

Flask-AppBuilder is an application development framework, built on top of Flask. Prior to version 4.3.2, an authenticated malicious actor with Admin privileges, could by adding a special character on the add, edit User forms trigger a database error, this error is surfaced back to this actor on t...

3.3 CVSS · 3.4 AI score · 0.00472 EPSS
Exploits 0 · References 4 · Affected Software 1

PyPA
added 2023/06/22 11:15 p.m. · 5 views

PYSEC-2023-94

Flask-AppBuilder is an application development framework, built on top of Flask. Prior to version 4.3.2, an authenticated malicious actor with Admin privileges, could by adding a special character on the add, edit User forms trigger a database error, this error is surfaced back to this actor on t...

2.7 CVSS · 6.7 AI score · 0.00472 EPSS
Exploits 0 · References 4 · Affected Software 1

UbuntuCve
added 2023/06/22 11:15 p.m. · 19 views

CVE-2023-34110

Flask-AppBuilder is an application development framework, built on top of Flask. Prior to version 4.3.2, an authenticated malicious actor with Admin privileges, could by adding a special character on the add, edit User forms trigger a database error, this error is surfaced back to this actor on t...

2.7 CVSS · 5.9 AI score · 0.00472 EPSS
Exploits 0 · References 5

OSV
added 2023/06/22 11:15 p.m. · 1 views

PYSEC-2023-94

Flask-AppBuilder is an application development framework, built on top of Flask. Prior to version 4.3.2, an authenticated malicious actor with Admin privileges, could by adding a special character on the add, edit User forms trigger a database error, this error is surfaced back to this actor on t...

2.7 CVSS · 5.8 AI score · 0.00472 EPSS
Exploits 0 · References 4

Debian CVE
added 2023/06/22 10:34 p.m. · 13 views

CVE-2023-34110

Removed by vendor...

2.7 CVSS · 4.1 AI score · 0.00472 EPSS
Exploits 0

CVE
added 2023/06/22 10:34 p.m. · 54 views

CVE-2023-34110

Flask-AppBuilder (the Flask-based application framework) is affected by CVE-2023-34110. An authenticated admin could trigger a database error by entering a special character on the Add/Edit User form, with certain database engines potentially exposing the entire user row, including the pbkdf2:sha...

2.7 CVSS · 3.1 AI score · 0.00472 EPSS
Exploits 0 · References 4 · Affected Software 1

OSV
added 2023/06/22 10:34 p.m. · 14 views

CVE-2023-34110 Flask-AppBuilder vulnerable to possible disclosure of sensitive information on user error

Flask-AppBuilder is an application development framework, built on top of Flask. Prior to version 4.3.2, an authenticated malicious actor with Admin privileges, could by adding a special character on the add, edit User forms trigger a database error, this error is surfaced back to this actor on t...

2.7 CVSS · 4 AI score · 0.00472 EPSS
Exploits 0 · References 6

OSV
added 2023/06/22 7:59 p.m. · 1 views

GHSA-JHPR-J7CQ-3JP3 Flask-AppBuilder vulnerable to possible disclosure of sensitive information on user error

Impact An authenticated malicious actor with Admin privileges, could by adding a special character on the add, edit User forms trigger a database error, this error is surfaced back to this actor on the UI. On certain database engines this error can include the entire user row including the...

5.1 CVSS · 5.9 AI score · 0.00472 EPSS
Exploits 0 · References 7

GitHub Security Blog
added 2023/06/22 7:59 p.m. · 26 views

Flask-AppBuilder vulnerable to possible disclosure of sensitive information on user error

Impact An authenticated malicious actor with Admin privileges, could by adding a special character on the add, edit User forms trigger a database error, this error is surfaced back to this actor on the UI. On certain database engines this error can include the entire user row including the...

2.7 CVSS · 6.7 AI score · 0.00472 EPSS
Exploits 0 · References 7 · Affected Software 1

GitLab Advisory Database
added 2023/06/22 12:0 a.m. · 22 views

Flask-AppBuilder vulnerable to possible disclosure of sensitive information on user error

An authenticated malicious actor with Admin privileges, could by adding a special character on the add, edit User forms trigger a database error, this error is surfaced back to this actor on the UI. On certain database engines this error can include the entire user row including the pbkdf2:sha256...

2.7 CVSS · 3.2 AI score · 0.00472 EPSS
Exploits 0 · References 8 · Affected Software 1

Positive Technologies
added 2023/06/22 12:0 a.m. · 2 views

PT-2023-24682 · Pypi · Flask-Appbuilder

Name of the Vulnerable Software and Affected Versions: Flask-AppBuilder versions prior to 4.3.2 Description: An authenticated malicious actor with Admin privileges could trigger a database error by adding a special character on the add or edit User forms. This error can be surfaced back to the...

5.1 CVSS · 3.4 AI score · 0.00472 EPSS
Exploits 0 · References 12

0day.today
added 2023/03/31 12:0 a.m. · 141 views

Bangresto 1.0 - SQL Injection Vulnerability

Exploit Title: Bangresto 1.0 - SQL Injection Exploit Author: nu11secur1ty Vendor: https://axcora.com/, https://www.hockeycomputindo.com/2021/05/restaurant-pos-source-code-free.html Demo: https://axcora.my.id/bangrestoapp/start.php Software: https://github.com/mesinkasir/bangresto Reference:...

6.8 AI score
Exploits 0