16 matches found
CVE-2025-62419 DataEase vulnerable to JDBC URL injection in DB2 and MongoDB data source configuration
DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a JDBC URL injection vulnerability exists in the DB2 and MongoDB data source configuration handlers. In the DB2 data source handler, when the extraParams field is empty, the HOSTNAME, PORT, and DATABASE...
EUVD-2023-41981
Malicious code in bioql PyPI...
Multiple vulnerabilities detected in PostgreSQL
Multiple PostgreSQL vulnerability updates: CVE-2025-1094 - PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation; CVE-2024-10979 - PostgreSQL PL/Perl environment variable changes execute arbitrary code; CVE-2024-10978 - PostgreSQL SET ROLE, SET SESSION AUTHORIZATI...
Deserialization Of Untrusted Data
Apache InLong is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to improper input validation during deserialization, which allows an attacker to exploit URL encoding and backspace characters to bypass security checks and perform a JDBC injection attack...
CVE-2024-45198
insightsoftware Spark JDBC 2.6.21 has a remote code execution vulnerability. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the database. This can further lead to remote code execution...
CVE-2023-38156
Azure HDInsight Apache Ambari JDBC Injection Elevation of Privilege Vulnerability...
Privilege escalation
Azure HDInsight Apache Ambari JDBC Injection Elevation of Privilege Vulnerability...
Azure HDInsight Apache Ambari JDBC Injection Elevation of Privilege Vulnerability
...
Metasploit Weekly Wrap-Up
VMware Workspace ONE Access exploit chain: A new module contributed by jheysel-r7 exploits two vulnerabilities in VMware Workspace ONE Access to attain Remote Code Execution as the horizon user. The first is CVE-2022-22956, which is an authentication bypass, and the second is a JDBC injection in...
VMware Workspace ONE Access VMSA-2022-0011 exploit chain
This module combines two vulnerabilities in order to achieve remote code execution in the context of the horizon user. The first vulnerability, CVE-2022-22956, is an authentication bypass in OAuth2TokenResourceController ACS which allows a remote, unauthenticated attacker to bypass the authentication...
VMware Workspace ONE Remote Code Execution Exploit
This Metasploit module combines two vulnerabilities in order to achieve remote code execution in the context of the horizon user. The first vulnerability, CVE-2022-22956, is an authentication bypass in OAuth2TokenResourceController ACS which allows a remote, unauthenticated attacker to bypass the...
VMware Workspace ONE Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware Workspace ONE Access VMSA-2022-0011 exploit chain', 'Description' = %q This module combines two vulnerabilities in order achieve remote co...
VMSA-2022-0021: VMware Workspace ONE Access, Access Connector, Identity Manager, Identity Manager Connector and vRealize Automation updates address multiple vulnerabilities
Advisory ID: VMSA-2022-0021.1 CVSSv3 Range: 4.7-9.8 Issue Date: 2022-08-02 Updated On: 2022-08-09 CVEs: CVE-2022-31656, CVE-2022-31657, CVE-2022-31658, CVE-2022-31659, CVE-2022-31660, CVE-2022-31661, CVE-2022-31662, CVE-2022-31663, CVE-2022-31664, CVE-2022-31665 Synopsis: VMware Workspace ONE...
SRC-2022-0015 : VMware Workspace ONE Access ApplicationSetupController dbTestConnection JDBC Injection Remote Code Execution Vulnerability (patch bypass)
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware Workspace ONE Access. Although authentication is required to exploit this vulnerability. The specific flaw exists within ApplicationSetupController class. The issue...
VMware Workspace One Access / VMware Identity Manager Multiple Vulnerabilities (VMSA-2022-0011)
The VMware Workspace One Access (formerly VMware Identity Manager) application running on the remote host is affected by the following vulnerabilities: - Server-side Template Injection Remote Code Execution Vulnerability (CVE-2022-22954) - OAuth2 ACS Authentication Bypass Vulnerabilities...
VMSA-2022-0011: VMware Workspace ONE Access, Identity Manager and vRealize Automation updates address multiple vulnerabilities
Advisory ID: VMSA-2022-0011.2 CVSSv3 Range: 5.3-9.8 Issue Date: 2022-04-06 Updated On: 2022-04-13 CVEs: CVE-2022-22954, CVE-2022-22955, CVE-2022-22956, CVE-2022-22957, CVE-2022-22958, CVE-2022-22959, CVE-2022-22960, CVE-2022-22961 Synopsis: VMware Workspace ONE Access, Identity Manager and vRealize...