332 matches found

Citrix
added 2024/12/07 12:0 a.m. · 9 views

PVS Server Down In Console After Upgrade to 2402CU1

After upgrading the first PVS Server in the FARM to 2402 CU1 and running the Configuration Wizard, the PVS Server appears down in the console. The Configuration Wizard completes with errors. The following is one example found in the AOT logs:...

7.8 AI score
Exploits 0
BDU FSTEC
added 2024/11/14 12:0 a.m. · 4 views

The vulnerability of the PhysHdr class constructor in the CryptoManager.cpp module of the database management system “Red Database” allows a hacker to trigger a database access error.

The vulnerability of the PhysHdr class constructor in the CryptoManager.cpp module of the database management system “Red Database” is related to the fact that in some cases, when switching the database to incremental backup mode, the connection to this database would fail. Exploiting this...

7 CVSS · 5.5 AI score
Exploits 0 · References 1 · Affected Software 1
NVD
added 2024/11/01 4:15 p.m. · 27 views

CVE-2024-51399

Altai Technologies Ltd Altai IX500 Indoor 22 802.11ac Wave 2 AP After login, there are file reads in the background, and attackers can obtain sensitive information such as user credentials, system configuration, and database connection strings, which can lead to data breaches and identity theft...

5.7 CVSS · 0.00221 EPSS
Exploits 0 · References 1
CVE
added 2024/11/01 12:0 a.m. · 65 views

CVE-2024-51399

The CVE-2024-51399 entry concerns Altai IX500 Indoor 22 802.11ac Wave 2 AP. Reported behavior: after login, background file reads can disclose sensitive data (user credentials, system configuration, database connection strings). Documented impact: potential data breach/identity theft. Connected s...

5.7 CVSS · 6.5 AI score · 0.00221 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/11/01 12:0 a.m. · 5 views

PT-2024-34619 · Altai · Altai Ix500 Indoor 22 802.11Ac Wave 2 Ap

Name of the Vulnerable Software and Affected Versions: Altai IX500 Indoor 22 802.11ac Wave 2 AP, affected versions not specified
Description: The issue allows attackers to obtain sensitive information such as user credentials, system configuration, and database connection strings after login, due ...

5.7 CVSS · 6.6 AI score · 0.00221 EPSS
Exploits 0 · References 5
Vulnrichment
added 2024/11/01 12:0 a.m. · 12 views

CVE-2024-51399

Altai Technologies Ltd Altai IX500 Indoor 22 802.11ac Wave 2 AP After login, there are file reads in the background, and attackers can obtain sensitive information such as user credentials, system configuration, and database connection strings, which can lead to data breaches and identity theft...

6.7 AI score · 0.00221 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/09/09 12:0 a.m. · 3 views

PT-2024-32391 · Dataease +1 · Dataease +1

Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 1.18.25
Description: DataEase is an open source data visualization analysis tool. The PostgreSQL data source function allows customization of JDBC connection parameters and the PG server target. However, the...

9.8 CVSS · 7.2 AI score · 0.00569 EPSS
Exploits 0 · References 10
GitLab Advisory Database
added 2024/09/06 12:0 a.m. · 6 views

H2O.ai H2O vulnerable to deserialization attacks via a JDBC Connection URL

H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the JDBC URL, leading to deserialization attacks, file reads, and command execution. Exploitation can occur when an attacker has access to post to the ImportSQLTable URI with a JSON document containing a connectionurl property with a...

9.1 CVSS · 7.3 AI score · 0.00899 EPSS
Exploits 1 · References 9
Citrix
added 2024/08/31 12:0 a.m. · 14 views

PVS Configuration Wizard fails when connecting to the database

The customer has PVS servers running in Azure. In the PVS Configuration Wizard, in the "Database Server" dialogue, specifying Authentication "Active Directory Password" and proceeding to specify a domain username and password results in an error...

7.3 AI score
Exploits 0
Citrix
added 2024/07/13 12:0 a.m. · 7 views

Error: "The system was not configured correctly" Appears when Provisioning Services Console Fails to Connect to Farm

The Provisioning Services Console fails to connect to the farm and displays one of the following error messages: “The system setup is not correct.” or "The system was not configured correctly". The Event logs register a series of Event 11 with StreamProcess as the source: “Cannot establish a...

7.6 AI score
Exploits 0
Veracode
added 2024/06/27 6:12 a.m. · 21 views

Server-Side Request Forgery (SSRF)

vrana/adminer is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to the improper handling of user-supplied input in database connection fields. This allows an unauthenticated remote attacker to enumerate or access systems they would not otherwise have access to...

6.9 CVSS · 7 AI score · 0.00412 EPSS
Exploits 0 · References 4 · Affected Software 2
Veracode
added 2024/06/26 7:40 a.m. · 8 views

Information Disclosure

silverstripe/framework is vulnerable to Information Disclosure. The vulnerability is due to sensitive database connection details potentially being exposed in stack traces when running in dev mode with the mysqli database driver...

6.9 AI score
Exploits 0
OSV
added 2024/06/24 10:15 p.m. · 12 views

CVE-2023-45195

Adminer and AdminerEvo are vulnerable to SSRF via database connection fields. This could allow an unauthenticated remote attacker to enumerate or access systems the attacker would not otherwise have access to. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4...

5.3 CVSS · 6.9 AI score
Exploits 0 · References 1
Cvelist
added 2024/06/24 9:6 p.m. · 23 views

CVE-2023-45195 Adminer and AdminerEvo SSRF

Adminer and AdminerEvo are vulnerable to SSRF via database connection fields. This could allow an unauthenticated remote attacker to enumerate or access systems the attacker would not otherwise have access to. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4...

6.9 CVSS · 0.00412 EPSS
Exploits 0 · References 1
Debian CVE
added 2024/06/24 9:6 p.m. · 13 views

CVE-2023-45195

Adminer and AdminerEvo are vulnerable to SSRF via database connection fields. This could allow an unauthenticated remote attacker to enumerate or access systems the attacker would not otherwise have access to. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4...

6.9 CVSS · 5.5 AI score · 0.00412 EPSS
Exploits 0
Veracode
added 2024/06/20 8:38 a.m. · 30 views

SQL Injection

Magento is vulnerable to SQL injection. The vulnerability is due to a user with store manipulation privileges being able to execute arbitrary SQL queries by accessing the database connection through a group instance in email templates...

8.8 CVSS · 8.1 AI score · 0.01002 EPSS
Exploits 0 · References 5 · Affected Software 1
Veracode
added 2024/05/12 6:5 a.m. · 14 views

Information Disclosure

github.com/zitadel/zitadel is vulnerable to an Information Disclosure. The vulnerability is due to inadequate error handling, which can expose sensitive database connection information to users during a connection failure...

5.3 CVSS · 6.6 AI score · 0.00635 EPSS
Exploits 0 · References 8 · Affected Software 1
NVD
added 2024/05/01 7:15 a.m. · 29 views

CVE-2024-32967

Zitadel is an open source identity management system. In case ZITADEL could not connect to the database, connection information including db name, username and db host name could be returned to the user. This has been addressed in all supported release branches in a point release. There is no...

5.3 CVSS · 5.1 AI score · 0.00635 EPSS
Exploits 0 · References 8
NVD
added 2024/04/25 5:15 p.m. · 37 views

CVE-2024-1102

A vulnerability was found in jberet-core logging. An exception in 'dbProperties' might display user credentials such as the username and password for the database-connection...

6.5 CVSS · 6.7 AI score · 0.00788 EPSS
Exploits 1 · References 7
Vulnrichment
added 2024/04/25 4:24 p.m. · 21 views

CVE-2024-1102 Jberet: jberet-core logging database credentials

A vulnerability was found in jberet-core logging. An exception in 'dbProperties' might display user credentials such as the username and password for the database-connection...

6.5 CVSS · 7 AI score · 0.00788 EPSS
Exploits 1 · References 7