21 matches found

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2018-1981

Malware in sbrugna...

CVSS 8.8, AI score 8.8, EPSS 0.00232
Exploits 1, References 3

CNVD
added 2025/05/13 12:0 a.m., 1 views

Art Gallery Management System SQL Injection Vulnerability

Art Gallery Management System is an art gallery management system. Art Gallery Management System has a SQL injection vulnerability, the vulnerability stems from improper operation of the parameter arttype in the file /admin/add-art-type.php, which can be exploited by an attacker to query a string...

CVSS 9.8, AI score 8, EPSS 0.00277
Exploits 1, References 1

CNNVD
added 2025/03/04 12:0 a.m., 2 views

PHPGurukul Restaurant Table Booking System Security Vulnerability

Restaurant Table Booking System is a restaurant table reservation system. Restaurant Table Booking System suffers from a SQL injection vulnerability that originates from an incorrect operation of the parameter username in the /admin/checkavailability.php file, which can lead to SQL injection. An...

CVSS 9.8, AI score 8, EPSS 0.00066
Exploits 1, References 7

CNNVD
added 2023/05/17 12:0 a.m., 1 views

Davinci Security Vulnerability

Davinci is an open source DVsaaS data visualization service platform from edp. A security vulnerability exists in Davinci version 0.3.0-rc, which originates from the fact that a user can connect to a malicious mysql server via a controlled data source and read arbitrary files on the client side...

CVSS 6.5, AI score 6.6, EPSS 0.00228
Exploits 1, References 2

Veracode
added 2022/11/15 12:16 p.m., 21 views

Deserialization Of Untrusted Data

jena-sdb is vulnerable to deserialization of untrusted data. The vulnerability exists when the attacker is able to control the JDBC url or cause the underlying database server to return malicious data, leading to remote code execution when connected to a malicious database...

CVSS 9.8, AI score 9.4, EPSS 0.01959
Exploits 0, References 4, Affected Software 1

OSV
added 2022/11/14 4:15 p.m., 1 views

DEBIAN-CVE-2022-45136

Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The mySQL JDBC driver in particular is known to be vulnerable to this class of attack. As a resu...

CVSS 9.8, AI score 8.2, EPSS 0.01959
Exploits 0, References 1

Veracode
added 2022/05/04 8:44 a.m., 28 views

Remote Code Execution

com.bstek.ureport:ureport2-console is vulnerable to remote code execution. A remote attacker is able to read sensitive user files and deserialize local gadgets by connecting the system to a malicious database server...

CVSS 9.8, AI score 4.7, EPSS 0.03105
Exploits 1, References 1, Affected Software 1

OSV
added 2022/05/03 12:0 a.m., 0 views

GHSA-W39X-CHVM-PJ3C Deserialization of Untrusted Data in com.bstek.ureport:ureport2-console

All versions of package com.bstek.ureport:ureport2-console are vulnerable to Remote Code Execution by connecting to a malicious database server, causing arbitrary file read and deserialization of local gadgets...

CVSS 9.8, AI score 6, EPSS 0.03105
Exploits 1, References 4

Prion
added 2022/05/01 4:15 p.m., 15 views

Deserialization of untrusted data

All versions of package com.bstek.ureport:ureport2-console are vulnerable to Remote Code Execution by connecting to a malicious database server, causing arbitrary file read and deserialization of local gadgets...

CVSS 7.5, AI score 9.4, EPSS 0.03105
Exploits 1, References 2

Cvelist
added 2022/05/01 3:30 p.m., 14 views

CVE-2022-25767 Remote Code Execution

All versions of package com.bstek.ureport:ureport2-console are vulnerable to Remote Code Execution by connecting to a malicious database server, causing arbitrary file read and deserialization of local gadgets...

CVSS 9.8, AI score 9.8, EPSS 0.03105
Exploits 1, References 2

ATTACKERKB
added 2022/05/01 3:25 p.m., 0 views

CVE-2022-25767

All versions of package com.bstek.ureport:ureport2-console are vulnerable to Remote Code Execution by connecting to a malicious database server, causing arbitrary file read and deserialization of local gadgets...

CVSS 9.8, AI score 7.4, EPSS 0.03105
Exploits 1, References 3

ATTACKERKB
added 2022/04/13 6:15 p.m., 4 views

CVE-2022-22958

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities CVE-2022-22957 & CVE-2022-22958. A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote...

CVSS 7.2, AI score 8, EPSS 0.43227
Exploits 5, References 2

ATTACKERKB
added 2022/04/13 6:15 p.m., 3 views

CVE-2022-22959

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI...

CVSS 4.3, AI score 6.4, EPSS 0.00292
Exploits 1, References 2

OSV
added 2022/04/13 6:15 p.m., 1 views

CVE-2022-22959

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI...

CVSS 4.3, AI score 5
Exploits 0, References 1

Snyk
added 2021/12/20 5:10 p.m., 3 views

Remote Code Execution (RCE)

Overview: com.bstek.ureport:ureport2-console is UReport2, a high-performance pure Java report engine based on Spring architecture, where complex Chinese-style statements and reports can be prepared by iterating over cells. Affected versions of this package are vulnerable to Remote Code...

CVSS 9.8, AI score 7.2, EPSS 0.03105
Exploits 1, References 2

CNVD
added 2020/02/25 12:0 a.m., 1 views

Unspecified Vulnerability in Apache Kylin

Apache Kylin is an open source distributed analytics engine that provides a SQL query interface on top of Hadoop and multidimensional analytics OLAP capabilities to support very large-scale data, originally developed by eBay Inc. and contributed to the open source community. A security...

CVSS 8.8, AI score 7.7, EPSS 0.06295
Exploits 0, References 1

Veracode
added 2019/01/15 8:54 a.m., 18 views

Denial Of Service (DoS)

perl-DBD-Pg is vulnerable to denial of service. A format string vulnerability in dbdimp.c in DBD::Pg allows remote attackers to crash the process, or potentially execute arbitrary code, via a malicious database warning to the pgwarn function or DBD statement to the dbdstprepare function...

CVSS 5, AI score 6.4, EPSS 0.02485
Exploits 0, References 17, Affected Software 1

NVD
added 2018/08/20 7:31 p.m., 11 views

CVE-2018-1000650

LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulnerability in Show Groups Popup SQL query functions that can result in the ability to perform malicious database queries. This attack appears to be exploitable via user-controlled parameters...

CVSS 8.8, AI score 9, EPSS 0.00232
Exploits 1, References 2

Prion
added 2018/08/20 7:31 p.m., 16 views

SQL injection

LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulnerability in Show Groups Popup SQL query functions that can result in the ability to perform malicious database queries. This attack appears to be exploitable via user-controlled parameters...

CVSS 6.5, AI score 8.9, EPSS 0.00232
Exploits 1, References 2, Affected Software 1

Veracode
added 2018/05/08 5:55 a.m., 42 views

Insecure Defaults

Apache Derby is vulnerable to insecure defaults. An attacker can send network packets to a Derby Network Server to maliciously boot a database under their control. The attack is only possible when the Java Security Manager policy file permits the reading of database locations, which is th...

CVSS 5.3, AI score 6.8, EPSS 0.00772
Exploits 0, References 17, Affected Software 1