23 matches found
Malicious code in noteparse (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 270d4c797fe34bc0b9598608f45add8721f1fa80d1488e4fae750e3a7b38419e noteparse 1.1.27 ships live MinIO credentials in configReader.py endpoint uicfile.uniview.com, accesskey 'uicpro', secretkey 'uicpropass123' that are...
EUVD-2024-2821
Malicious code in bioql PyPI...
EUVD-2024-16960
Malicious code in bioql PyPI...
CVE-2024-1193
A vulnerability was found in Navicat 12.0.29. It has been rated as problematic. This issue affects some unknown processing of the component MySQL Conecction Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and m...
CVE-2022-39312
Dataease is an open source data visualization analysis tool. Dataease prior to 1.15.2 has a deserialization vulnerability. In Dataease, the Mysql data source in the data source function can customize the JDBC connection parameters and the Mysql server target to be connected. In...
PT-2024-31685 · Apache · Apache Druid
Name of the Vulnerable Software and Affected Versions: Apache Druid versions prior to 30.0.1 Description: The issue allows users with certain permissions to bypass restrictions on JDBC connections, potentially reading data from other database systems. This is possible by crafting a specific JDBC...
CVE-2024-1193
A vulnerability was found in Navicat 12.0.29. It has been rated as problematic. This issue affects some unknown processing of the component MySQL Conecction Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and m...
Design/Logic Flaw
A vulnerability was found in Navicat 12.0.29. It has been rated as problematic. This issue affects some unknown processing of the component MySQL Conecction Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and m...
CVE-2024-1193 Navicat MySQL Conecction denial of service
A vulnerability was found in Navicat 12.0.29. It has been rated as problematic. This issue affects some unknown processing of the component MySQL Conecction Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and m...
CVE-2024-1193
Navicat 12.0.29 is affected by a vulnerability in the MySQL Connection Handler component that can lead to a denial of service when a local attack is performed. The exploit has been disclosed publicly, and vendor responsiveness is unclear. The most concrete remediation noted in connected sources i...
Navicat Security Breach
Navicat is a database management tool from Navicat, Inc. designed to provide a visual user interface to make it easier for users to manage database design, development and maintenance. A security vulnerability exists in Navicat version 12.0.29, which originates from the component MySQL Conecction...
WPGraphQL < 1.3.6 - Denial of Service
The plugin suffers from a Denial of Service vulnerability by Field Duplication. It is possible to create an expensive query by duplicating the number of fields, while simultaneously sending these requests in batches using GraphQL's Batching capability. v1.3.6 added a setting to disable batch...
WordPress WPGraphQL 1.3.5 Plugin - Denial of Service Exploit
Exploit Title: WordPress Plugin WPGraphQL 1.3.5 - Denial of Service Author: Dolev Farhi Vendor Homepage: https://www.wpgraphql.com/ Version: 1.3.5 Tested on: Ubuntu """ This attack uses duplication of fields amplified by GraphQL batched queries, resulting in server OOM and MySQL connection errors...
WordPress WPGraphQL 1.3.5 Denial Of Service
Exploit Title: WordPress Plugin WPGraphQL 1.3.5 - Denial of Service Author: Dolev Farhi Date: 2021-04-12 Vendor Homepage: https://www.wpgraphql.com/ Version: 1.3.5 Tested on: Ubuntu """ This attack uses duplication of fields amplified by GraphQL batched queries, resulting in server OOM and MySQL...
vBulletin 'vb_test.php' Information Disclosure Vulnerability - Active Check
The remote host is disclosing information if the vBulletin SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:vbulletin:vbulletin";...
AlkalinePHP <= 0.77.35 (adduser.php) Arbitrary Add-Admin Vuln
No description provided by source. --==+================================================================================+==-- --==+ AlkalinePHP = 0.77.35 adduser.php Arbitrary Add-Admin +==-- --==+================================================================================+==-- Discovered By:...
Shop treasure self-help built Station system command execution-vulnerability warning-the black bar safety net
Brief description: struct command execution, root permissions, the database can be connected, the number of users large Detailed description: http://login.ctoshop.com/shopsystemF/checkLogin.action Vulnerability proof: The website physical path: /home/webserver/shopsystemF java. home:...
MySQLDriverCS 4.0.1 - SQL Injection
MySQLDriverCS 4.0.1 - SQL Injection source: https://www.securityfocus.com/bid/48466/info MySQLDriverCS is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit may allow an attacker to...
Arctic Fox CMS 0.9.4 Information Disclosure
Vulnerability ID: HTB22833 Reference: http://www.htbridge.ch/advisory/informationdisclosureinarcticfoxcms.html Product: Arctic Fox CMS Vendor: Michael Armbruster http://sourceforge.net/projects/arcticfox/ Vulnerable Version: 0.9.4 and probably prior versions Vendor Notification: 01 February 2011...
AlkalinePHP <= 0.77.35 (adduser.php) Arbitrary Add-Admin Vuln
No description provided by source. --==+================================================================================+==-- --==+ AlkalinePHP = 0.77.35 adduser.php Arbitrary Add-Admin +==-- --==+================================================================================+==-- Discovered By:...